Forum Discussion
2 Replies
why do you use just TLSv1_2? there are quite some very bad ones in that one group of ciphers next to the two anonymous ones.
DEFAULT on its own is much better, there you can then exclude TLS_1 and TLS1_1 if you want to have only TLS1.2.
but if you really want TLSv1_2 without those two do: 'TLSv1_2:!ADH'
PS: three questions about pretty much the same issue is kinda a lot, I think you can delete two of them.
- Ashwin_Venkat (Employee)
Simply appending :!ADH (as mentioned above) should allow for disabling Anonymous DH cipher suites. Moreover, I'd also recommend disabling some of the other known weaker ones that are enabled for your cipher string like RC4, DES, 3DES (Sweet32). Therefore, a cipher string like 'TLSv1_2:!ADH:!DES:!3DES:!RC4' (without the quotes) is a great start.