Forum Discussion
Joe_R
May 11, 2018Nimbostratus
simply adding :@Speed the current ciphers DEFAULT:!DHE:!3DES:!TLSv1 upgrades a 'B' score to an 'A' ... am I missing something ... this appears too simple
- Kai_WilkeJan 11, 2019MVP
Hi Joe,
is the default setting. It won't change anything if you explicitly add this directive to your cipher string (see below).:@SPEED
Cheers, Kai
[root@f501:Active:Standalone] config tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA 1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA 2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA 3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA 4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA 5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 7: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA 8: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA 9: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 10: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 11: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 12: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 13: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA 14: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 15: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 16: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 17: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 18: 65 CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA RSA 19: 65 CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA RSA 20: 132 CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA RSA 21: 132 CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA RSA 22: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA 23: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDHE_ECDSA 24: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA 25: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA 26: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA 27: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA 28: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA 29: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA [root@f501:Active:Standalone] config tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1:@SPEED' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA 1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA 2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA 3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA 4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA 5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 7: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA 8: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA 9: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 10: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 11: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 12: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 13: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA 14: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 15: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 16: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 17: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 18: 65 CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA RSA 19: 65 CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA RSA 20: 132 CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA RSA 21: 132 CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA RSA 22: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA 23: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDHE_ECDSA 24: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA 25: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA 26: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA 27: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA 28: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA 29: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA [root@f501:Active:Standalone] config