Forum Discussion
Suzyw720_345395
Apr 28, 2018Nimbostratus
Hello, I am using v11.6.2HF1 am just looking for thoughts and/or opinions. 1. I have 2 client SSL profiles with their current cipher strings set to: DEFAULT:@STRENGTH:!EXP:!EXPORT:!DHE. In order to disable TLS v1.0, I will modify both cipher strings to read: DEFAULT:@STRENGTH:!EXP:!EXPORT:!DHE:!TLSv1:!SSL:!SSLv2:!SSLv3
- I am also looking to enable PFS, using a string I saw posted by David Holmes, which is: ECDHE+HIGH:HIGH since Qualys Labs changed their grading practice. Any thoughts if this string will improve the Qualys rating? Thanks for any thoughts or comments.