Forum Discussion
Brad_Parker_139
Nacreous
This will disable 3DES and prioritize PFS and GCM.
'!EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:RSA+AES-GCM:RSA+AES'
. Looks like you are wanting to also disable TLSv1? If that's the case add !TLSv1, i.e. '!EXPORT:!DH:!MD5:!SSLv3:!TLSv1:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:RSA+AES-GCM:RSA+AES'
Last thing, if you still want to support IE on XP 3DES is the only "secure" supported cipher left.Brad_Parker_139
Sep 25, 2015Nacreous
Also, if you really want to disable AES128-SHA like you mentioned above you can add a "!AES128-SHA" to the string.