Forum Discussion
- Rupert_Connell_Nimbostratus
No it is not!
!SSLv3 hard disables the SSLv3 ciphers. No SSLv3 disables the SSLv3 protocol.
If you set !SSLv3, but not No SSLv3, the client may negotiate SSLv3 as protocol, then not be able to use any ciphers, since you have disabled them!
See here for reference: Cipher Suite Practices and Pitfalls
this one deserves a few upvotes to make sure it is on top.
- Rupert_ConnellAltostratus
No it is not!
!SSLv3 hard disables the SSLv3 ciphers. No SSLv3 disables the SSLv3 protocol.
If you set !SSLv3, but not No SSLv3, the client may negotiate SSLv3 as protocol, then not be able to use any ciphers, since you have disabled them!
See here for reference: Cipher Suite Practices and Pitfalls
this one deserves a few upvotes to make sure it is on top.
- Faruk_AYDINNimbostratus
Yes, It is equivalent.
- Faruk_AYDINNimbostratus
use :
and also disable weak ciphers.ALL:!SSLv2!SSLv3