Forum Discussion

Dan_Pacheco's avatar
Dan_Pacheco
Icon for Cirrus rankCirrus
Oct 18, 2017

Prefer TLSv1.2 within the DEFAULT cipher group

I am trying to manipulate my cipher suite. My requirements are: DEFAULT list only remove 3DES Prioritize TLSv1.2 above TLS1.1 and TLS1.0 (without adding ciphers not included in the default list)   ...
application delivery
LTM
Dan_Pacheco's avatar
Dan_Pacheco
Icon for Cirrus rankCirrus
Oct 18, 2017

I figured it out. tmm --clientciphers '!3DES:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES256-SHA:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-CBC-SHA:-SSLv3:-TLSv1:-TLSv1_1:!DTLSv1:DEFAULT'

Gives me:

   ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX

0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 EDH/RSA

1: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 EDH/RSA

2: 107 DHE-RSA-AES256-SHA256 256 TLS1.2 Native AES SHA256 EDH/RSA

3: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA

4: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA

5: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA

6: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA

7: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA

8: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA

9: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA

10: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA 11: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA 12: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA 13: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 14: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA 15: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA 16: 103 DHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 EDH/RSA

17: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH/RSA

18: 51 DHE-RSA-AES128-SHA 128 TLS1 Native AES SHA EDH/RSA

19: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA

20: 51 DHE-RSA-AES128-SHA 128 TLS1.1 Native AES SHA EDH/RSA

21: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA

22: 53 AES256-SHA 256 TLS1 Native AES SHA RSA

23: 47 AES128-SHA 128 TLS1 Native AES SHA RSA

24: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA

25: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA

26: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA 27: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA 28: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 29: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA