User Tools
ssldisableweakciphers
Table of Contents
SSL Disable Weak Ciphers
Apache 2
SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!ADH
IIS
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersDES 56/56] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersNULL] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC2 40/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC2 56/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 40/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 56/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphersRC4 64/128] “Enabled”=dword:0000000
Cisco ACE Module
parameter-map type ssl STRONG-CIPHERS cipher RSA_WITH_AES_128_CBC_SHA cipher RSA_WITH_AES_256_CBC_SHA
OpenSSL
openssl reports ciphers from various categories
$ openssl ciphers 'HIGH:!DH' -v -tls1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 $ openssl ciphers 'MEDIUM:!DH' -v -tls1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 $ openssl ciphers 'LOW:!DH' -v -tls1 DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 $ openssl ciphers 'EXP:!DH' -v -tls1 EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
ssldisableweakciphers.txt · Last modified: 2020/02/13 22:55 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
