S
ShiroBB
Hi Microsoft Expert,
We had taking out 'weak' ciphers and intend to use the stronger ciphers like TLS_ECDHE_ECDSA* and TLS_DHE_DSS*, but server doesn’t seems to support.
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
#removed TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
#removed TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
#removed TLS_RSA_WITH_AES_256_GCM_SHA384
#removed TLS_RSA_WITH_AES_128_GCM_SHA256
#removed TLS_RSA_WITH_AES_256_CBC_SHA256
#removed TLS_RSA_WITH_AES_128_CBC_SHA256
#removed TLS_RSA_WITH_AES_256_CBC_SHA
#removed TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Tested using openssl shows not supported:
openssl s_client -cipher ECDHE-ECDSA-AES256-GCM-SHA384 -connect xxx.xxx.xxx.xxx:443
Anybody have any comments do feedback.
Thank you!
Regards,
Shiro
Continue reading...
We had taking out 'weak' ciphers and intend to use the stronger ciphers like TLS_ECDHE_ECDSA* and TLS_DHE_DSS*, but server doesn’t seems to support.
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
#removed TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
#removed TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
#removed TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
#removed TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
#removed TLS_RSA_WITH_AES_256_GCM_SHA384
#removed TLS_RSA_WITH_AES_128_GCM_SHA256
#removed TLS_RSA_WITH_AES_256_CBC_SHA256
#removed TLS_RSA_WITH_AES_128_CBC_SHA256
#removed TLS_RSA_WITH_AES_256_CBC_SHA
#removed TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Tested using openssl shows not supported:
openssl s_client -cipher ECDHE-ECDSA-AES256-GCM-SHA384 -connect xxx.xxx.xxx.xxx:443
Anybody have any comments do feedback.
Thank you!
Regards,
Shiro
Continue reading...