6967 - How to disable certain cipher suites for virtual Traffic Manager?

Last Modified Date: 11/30/2017 8:00 AM
Synopsis
This document provides step-by-step instructions on how to disable certain cipher suites for virtual Traffic Manager.
Problem or Goal
Cause
Solution
Below are the steps to add three ciphers, given here in the OpenSSL naming convention: AES256-SHA, AES128-SHA, DES-CBC3-SHA
  1. Navigate to System > Global Settings > SSL Configuration > ssl!ssl3_ciphers
  2. Add the desired ciphers, separated by space, comma, or colon:
    • SSL_RSA_WITH_AES_256_CBC_SHA:SSL_RSA_WITH_AES_128_CBC_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA
  3. Click Update

The list of ciphers that Stingray Traffic Manager supports:

This is a list (space, comma or colon separated) of SSL ciphers that will be used when performing SSL decryption or SSL encryption. The order of the supplied list determines the priority of the ciphers for SSL decryption.

The default order is:

  1. SSL_RSA_WITH_RC4_128_SHA
  2. SSL_RSA_WITH_RC4_128_MD5
  3. SSL_RSA_WITH_AES_256_CBC_SHA
  4. SSL_DHE_RSA_WITH_AES_256_CBC_SHA
  5. SSL_RSA_WITH_3DES_EDE_CBC_SHA
  6. SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  7. SSL_RSA_WITH_AES_128_CBC_SHA
  8. SSL_DHE_RSA_WITH_AES_128_CBC_SHA

In addition, the following ciphers are supported but disabled by default:

  1. SSL_RSA_EXPORT_WITH_RC4_56_SHA
  2. SSL_RSA_EXPORT_WITH_RC4_56_MD5
  3. SSL_RSA_WITH_DES_CBC_SHA
  4. SSL_DHE_RSA_WITH_DES_CBC_SHA
  5. SSL_RSA_EXPORT_WITH_DES_CBC_SHA
  6. SSL_RSA_EXPORT_WITH_RC4_40_MD5
  7. SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  8. SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  9. SSL_RSA_WITH_NULL_SHA
  10. SSL_RSA_WITH_NULL_MD5
 
In the mapping below, the equivalent Stingray Traffic Manager name has the SSL_ prefix instead of the TLS_ prefix:

Standard name                       GnuTLS name                    OpenSSL name
----------------------------------------------------------------------------------
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5  TLS_RSA_EXPORT_ARCFOUR_40_MD5  EXP-ADH-RC4-MD5
TLS_DHE_DSS_WITH_RC4_128_SHA        TLS_DHE_DSS_ARCFOUR_SHA1       DHE-DSS-RC4-SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA   TLS_DHE_DSS_3DES_EDE_CBC_SHA1  EDH-DSS-DES-CBC3-SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA        TLS_DHE_RSA_3DES_EDE_CBC_SHA1  EDH-RSA-DES-CBC3-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA    TLS_DHE_DSS_AES_128_CBC_SHA1   DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA    TLS_DHE_DSS_AES_256_CBC_SHA1   DHE-DSS-AES256-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA    TLS_DHE_RSA_AES_128_CBC_SHA1   DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA    TLS_DHE_RSA_AES_256_CBC_SHA1   DHE-RSA-AES256-SHA
TLS_RSA_WITH_AES_128_CBC_SHA        TLS_RSA_AES_128_CBC_SHA1       AES128-SHA
TLS_RSA_WITH_AES_256_CBC_SHA        TLS_RSA_AES_256_CBC_SHA1       AES256-SHA
TLS_RSA_WITH_RC4_128_MD5            TLS_RSA_ARCFOUR_MD5            RC4-MD5
TLS_RSA_WITH_RC4_128_SHA            TLS_RSA_ARCFOUR_SHA1           RC4-SHA
TLS_DH_anon_WITH_RC4_128_MD5        TLS_ANON_DH_ARCFOUR_MD5        ADH-RC4-MD5
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA   TLS_ANON_DH_3DES_EDE_CBC_SHA1  ADH-DES-CBC3-SHA
TLS_RSA_WITH_NULL_MD5               TLS_RSA_NULL_MD5               NULL-MD5
TLS_DH_anon_WITH_AES_128_CBC_SHA    TLS_ANON_DH_AES_128_CBC_SHA1   ADH-AES128-SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA    TLS_ANON_DH_AES_256_CBC_SHA1   ADH-AES256-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA       TLS_RSA_3DES_EDE_CBC_SHA1      DES-CBC3-SHA
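
The name conversion and its effect, as an added Python example (not part of the original article or the product): it maps OpenSSL names to the SSL_-prefixed names, builds the ssl!ssl3_ciphers value, and reports which default ciphers a given value disables. The function names are hypothetical, the mapping is a subset of the table above, and refusing the disabled-by-default ciphers is a choice made in this example.

```python
import re

# OpenSSL name -> standard name: a subset of rows copied from the article's table.
OPENSSL_TO_STANDARD = {
    "AES256-SHA": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "AES128-SHA": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "DES-CBC3-SHA": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "DHE-RSA-AES256-SHA": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "DHE-RSA-AES128-SHA": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "RC4-SHA": "TLS_RSA_WITH_RC4_128_SHA",
    "NULL-MD5": "TLS_RSA_WITH_NULL_MD5",
}
# Default priority order, as listed in the article.
DEFAULT_ORDER = """SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_AES_256_CBC_SHA SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_AES_128_CBC_SHA""".split()
# Ciphers the article lists as supported but disabled by default.
DISABLED_BY_DEFAULT = set("""SSL_RSA_EXPORT_WITH_RC4_56_SHA SSL_RSA_EXPORT_WITH_RC4_56_MD5
SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5""".split())

def parse_cipher_list(value):
    """Split a setting value on the separators the article allows: space, comma, colon."""
    return [c for c in re.split(r"[ ,:]+", value.strip()) if c]

def to_stm_name(openssl_name):
    """Map an OpenSSL name to the SSL_-prefixed name used in ssl!ssl3_ciphers."""
    standard = OPENSSL_TO_STANDARD.get(openssl_name)
    if standard is None:
        raise ValueError(f"no mapping known for {openssl_name!r}")
    stm = re.sub(r"^TLS_", "SSL_", standard)
    if stm in DISABLED_BY_DEFAULT:  # example policy: never turn these back on
        raise ValueError(f"{stm} is disabled by default; not adding it")
    return stm

def build_setting(openssl_names):
    """Colon-joined ssl!ssl3_ciphers value; input order is kept as the priority order."""
    return ":".join(dict.fromkeys(to_stm_name(n) for n in openssl_names))

def defaults_disabled_by(value):
    """Default ciphers that stop being offered once `value` replaces the default list."""
    kept = set(parse_cipher_list(value))
    return [c for c in DEFAULT_ORDER if c not in kept]
```

Calling build_setting(["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA"]) reproduces the value shown in step 2, and defaults_disabled_by() on that value lists the RC4 and DHE defaults it switches off.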
Created By: Code Deployment
