Forum Discussion
Brad_Parker
Cirrus
This will disable 3DES and prioritize PFS and GCM.
'!EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:RSA+AES-GCM:RSA+AES'
. Looks like you are wanting to also disable TLSv1? If that's the case add !TLSv1, i.e. '!EXPORT:!DH:!MD5:!SSLv3:!TLSv1:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:RSA+AES-GCM:RSA+AES'
Last thing, if you still want to support IE on XP 3DES is the only "secure" supported cipher left.mc1903_137193
Sep 25, 2015Nimbostratus
Thankyou Brad. That did it as far as I can see with the test site I use (which is different to the penetration testing company). I need to get SSL Scan installed onto a Linux machine to do a representative test.