Forum Discussion
May 18, 2018
Hi Ghislain,
if it's generally just about ordering by protocol preference, the following cipher string will do it:
DEFAULT:+TLSv1_1:+TLSv1:+DTLSv1
Please check via command line:
tmm --clientciphers 'DEFAULT:+TLSv1_1:+TLSv1:+DTLSv1'
The "+" prefix lowers the preference of the specifier (applies to handshake-methods, bulk-crypto and message-digest algorithms as well).
Back to your specific case it would be the following:
DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:!SSLv3:+TLSv1_1:+TLSv1:!DTLSv1
Verification:
tmm --clientciphers 'DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:!SSLv3:+TLSv1_1:+TLSv1:!DTLSv1'
     ID  SUITE               BITS  PROT    METHOD  CIPHER  MAC  KEYX
 0:  51  DHE-RSA-AES128-SHA  128   TLS1.2  Native  AES     SHA  EDH/RSA
 1:  57  DHE-RSA-AES256-SHA  256   TLS1.2  Native  AES     SHA  EDH/RSA
 2:  51  DHE-RSA-AES128-SHA  128   TLS1.1  Native  AES     SHA  EDH/RSA
 3:  57  DHE-RSA-AES256-SHA  256   TLS1.1  Native  AES     SHA  EDH/RSA
 4:  51  DHE-RSA-AES128-SHA  128   TLS1    Native  AES     SHA  EDH/RSA
 5:  57  DHE-RSA-AES256-SHA  256   TLS1    Native  AES     SHA  EDH/RSA
In a previous post ("TMOS SSL TLS Cipher Cheat Sheet") I tried to summarize the different approaches for cipher specification including aliases and keywords.
Cheers, Stephan
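The verification step above can be automated. The following is an added example, not part of Stephan's post or of any F5 tooling: it parses the `tmm --clientciphers` table quoted in the post and reports any row that breaks newest-protocol-first ordering or carries a protocol label outside the expected set. The function names and the ranking table are assumptions made for this example.

```python
import re

# tmm output exactly as quoted in the post above.
SAMPLE = """\
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH/RSA
1: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA
2: 51 DHE-RSA-AES128-SHA 128 TLS1.1 Native AES SHA EDH/RSA
3: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA
4: 51 DHE-RSA-AES128-SHA 128 TLS1 Native AES SHA EDH/RSA
5: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA
"""

# Assumption for this example: only the PROT labels seen on the page are
# expected; a higher rank means a newer protocol. Any other label is reported.
RANK = {"TLS1": 1, "TLS1.1": 2, "TLS1.2": 3}

# index, cipher ID, suite, bits, protocol, then method/cipher/MAC/key exchange
ROW = re.compile(r"^\s*(\d+):\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s+(\S+)\s*$")

def parse_cipher_table(text):
    """Return one dict per data row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            idx, cid, suite, bits, prot, keyx = m.groups()
            rows.append({"index": int(idx), "id": int(cid), "suite": suite,
                         "bits": int(bits), "prot": prot, "keyx": keyx})
    return rows

def check_protocol_order(rows, rank=RANK):
    """List rows with an unexpected protocol or a newer protocol after an older one."""
    findings, oldest_seen = [], None
    for r in rows:
        level = rank.get(r["prot"])
        if level is None:
            findings.append(f"row {r['index']}: unexpected protocol {r['prot']}")
            continue
        if oldest_seen is not None and level > oldest_seen:
            findings.append(f"row {r['index']}: {r['suite']} on {r['prot']} "
                            "is listed after an older protocol")
        oldest_seen = level if oldest_seen is None else min(oldest_seen, level)
    return findings

if __name__ == "__main__":
    problems = check_protocol_order(parse_cipher_table(SAMPLE))
    print("\n".join(problems) if problems else "protocol order OK")
```

To check a live configuration, pipe the real `tmm --clientciphers '...'` output into `parse_cipher_table` in place of `SAMPLE`.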