Forum Discussion
Kai_Wilke
Apr 15, 2019 MVP
Hi Krishna,
just tested the cipher support of Chrome. Chrome does not support the cipher called AES256-SHA256 (ID 61). It does only support AES256-SHA (ID 53) or AES256-GCM-SHA384 (ID 157) if you require a (non-DH) RSA based AES256.
Qualys SSL Labs: SSL/TLS Capabilities of Your Browser
https://www.ssllabs.com/ssltest/viewMyClient.html
To work around this limitation, I would recommend changing your cipher string to include AES256-GCM-SHA384 as well as AES256-SHA256. GCM is considered more secure than CBC, so you will more or less increase the security of those browsers that support this cipher spec.
[root@f501:Active:Standalone] / tmm --clientcipher 'AES256-GCM-SHA384:AES256-SHA256:-SSLv3:-DTLSv1:-TLSv1:-TLSv1_1'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
1: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
[root@f501:Active:Standalone] /
Cheers, Kai
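The check described in the post above, as an added example that is not part of the original post: it parses the `tmm --clientcipher` output shown there and works out which suite a client would get. The helper names, the two-entry Chrome offer list (built from the IDs named in the post), the single-suite "before" profile and the use of server preference order are assumptions.

```python
# Added example. parse_tmm_ciphers() and negotiate() are hypothetical helpers.

# Output of `tmm --clientcipher ...` copied from the post above.
TMM_OUTPUT = """\
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
1: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
"""

# Constructed sample: the RSA-based AES256 suite IDs the post says Chrome offers.
# A real ClientHello lists more suites; only these can match this cipher string.
CHROME_OFFER = [157, 53]


def parse_tmm_ciphers(text):
    """Return the listed suites, in the order tmm printed them."""
    suites = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows look like "0: 157 NAME BITS PROT METHOD CIPHER MAC KEYX".
        if len(parts) != 9 or not parts[0].rstrip(":").isdigit():
            continue  # header, shell prompt or blank line
        suites.append({
            "id": int(parts[1]), "name": parts[2], "bits": int(parts[3]),
            "prot": parts[4], "cipher": parts[6], "mac": parts[7],
            "keyx": parts[8],
        })
    return suites


def negotiate(server_suites, client_ids):
    """First suite in server order that the client also offers, else None.

    Assumption: the server's order wins, as printed by tmm.
    """
    offered = set(client_ids)
    return next((s for s in server_suites if s["id"] in offered), None)


if __name__ == "__main__":
    new_profile = parse_tmm_ciphers(TMM_OUTPUT)
    # Assumed "before" state: a cipher string with AES256-SHA256 only.
    old_profile = [s for s in new_profile if s["name"] == "AES256-SHA256"]
    for label, profile in (("before", old_profile), ("after", new_profile)):
        hit = negotiate(profile, CHROME_OFFER)
        print(label, "->", hit["name"] if hit else "no shared cipher")
```

A `None` result corresponds to a handshake that fails for lack of a shared cipher, which is the situation the recommended cipher string avoids for Chrome while still serving clients that only offer ID 61.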