Joe_R
Nimbostratus
Simply adding :@Speed to the current cipher string DEFAULT:!DHE:!3DES:!TLSv1 upgrades a 'B' score to an 'A'. Am I missing something? This appears too simple.
Kai_Wilke
Jan 11, 2019 (MVP)
Hi Joe,
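:@SPEED is the default setting. Explicitly adding this directive to your cipher string won't change anything: the two listings below are identical, entry for entry, and both still include TLS1.1 and static-RSA key-exchange suites.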
Cheers, Kai
[root@f501:Active:Standalone] config tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
7: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
8: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
9: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
10: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
11: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
12: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
13: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
14: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
15: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
16: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
17: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
18: 65 CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA RSA
19: 65 CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA RSA
20: 132 CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA RSA
21: 132 CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA RSA
22: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
23: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDHE_ECDSA
24: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA
25: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
26: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
27: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA
28: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA
29: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA
[root@f501:Active:Standalone] config tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1:@SPEED'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
7: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
8: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
9: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
10: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
11: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
12: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
13: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
14: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
15: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
16: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
17: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
18: 65 CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA RSA
19: 65 CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA RSA
20: 132 CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA RSA
21: 132 CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA RSA
22: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
23: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDHE_ECDSA
24: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA
25: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
26: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
27: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA
28: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA
29: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA
[root@f501:Active:Standalone] config