AnsweredAssumed Answered

Weak CBC Ciphers

Question asked by Stuart Bennett on Nov 18, 2014
Latest reply on Nov 18, 2014 by John Public

Hello, I'm attempting to disable weak CBC ciphers for TLS v1.0

 

Our current setup is as follows:

 

# SSL

        SSLEngine               on

        SSLProtocol -ALL +TLSv1

        #SSLCipherSuite ALL:!aNULL:!ADH:!DH:!EDH:!CAMELLIA:!KRB5:!IDEA:!AES256-GCM-SHA384:!DHE-RSA-DES-CBC3-SHA:!DHE-RSA-AES256-SHA:!EXP:!LOW:!eNULL:RC4+RSA:+HIGH:+MEDIUM

 

I've tried: ALL:!aNULL:!PSK-AES256-CBC-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!ECDH-RSA-DES-CBC3-SHA:!ECDH-ECDSA-DES-CBC3-SHA:!DES-CBC3-SHA:!DES-CBC3-MD5:!PSK-AES128-CBC-SHA:!PSK-3DES-EDE-CBC-SHA:!RC2-CBC-MD5:!ADH:!DH:!EDH:!CAMELLIA:!KRB5:!IDEA:!AES256-GCM-SHA384:!DHE-RSA-DES-CBC3-SHA:!DHE-RSA-AES256-SHA:!EXP:!LOW:!eNULL:RC4+RSA:+HIGH:+MEDIUM

 

but I still seem to see CBC ciphers in a qualys scan. Thank you for any advice.

Outcomes