SSL/TLS Strict Mode blocked ciphers

Updated 6 years ago by admin

Activating the Use strict SSL/TLS ciphers option within the Windows or Mac OS X Agent Configuration Profile will block the following ciphers as they are considered weak.

This may cause unexpected behaviour when visiting web servers that still use these outdated ciphers

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   Forward Secrecy   256

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)   Forward Secrecy     256

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   Forward Secrecy          256

TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)   Forward Secrecy 256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   Forward Secrecy  128

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)  WEAK            256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  WEAK 256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)  WEAK          256

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)  WEAK            128

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  WEAK 128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)  WEAK          128

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)  WEAK   256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)  WEAK  256

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)  WEAK   128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)  WEAK  128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)  WEAK     256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)  WEAK      128

How did we do?