Forum Discussion
I recommend you using the command tmm --clientciphers 'DEFAULT' for cheking de default configuration. Output Example:
[root@localhost:Active:Standalone] config tmm --clientciphers 'DEFAULT'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 5 RC4-SHA 128 SSL3 Native RC4 SHA RSA 1: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA 2: 5 RC4-SHA 128 TLS1.1 Native RC4 SHA RSA 3: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA 4: 47 AES128-SHA 128 SSL3 Native AES SHA RSA 5: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 6: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 7: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 8: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 9: 53 AES256-SHA 256 SSL3 Native AES SHA RSA 10: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 11: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 12: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 13: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 14: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA 15: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 16: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA 17: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 18: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA 19: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 20: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 21: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA 22: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA 23: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA 24: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA 25: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 26: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 27: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA 28: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA 29: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
Translation is (this command will print the same output):
tmm --clientciphers 'RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA256:AES256-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA'
The general idea is ordering suites (third column of the output), in this example: RC4-SHA:AES128-SHA:AES256-SHA etc.. and testing with tmm --clientciphers 'ORDERED SUITES'