SSL Cipher...Will this give me what I want?

Question

After an audit, it was found that we need to start using a stricter SSL Profile. This is the string we have come up with however there are disagreements on whether this will only allow the listed Ciphers to be used with TLS1.2 and not any other Ciphers.
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:TLS1_2:!TLS1_1:!TLS1:!SSLv2:!SSLv3:!ADH:!MD5:!RC4:!DES:!NULL:!EXP:!LOW
The listing is prioritized left to right.
I only want TLS1.2 to use the Ciphers below and no other cipher even if TLS1.2 is compatible.
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256

rabid_gerbil_26 · Accepted Answer

I found what I was looking for. Using the Testsslserver ( http://www.bolet.org/TestSSLServer ) program I was able to test different strings to get the perfect match that we were looking for. &nbsp;

Forum Discussion

SSL Cipher...Will this give me what I want?

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Wanted: NetOps with Opinions

What Applications Want

We want you!

request logging profile want to log client certificate details

I just want to use the relative URI in the ICAP profile