Rohit Patil

Need to exclude TLSv1.0 and TLSv1.1 SSL ciphers in postgresql.conf

Currently my ssl_ciphers string looks like this:

ssl_ciphers='ALL:!ADH:!LOW:!EXP:!MD5:!aNULL:!eNULL:!NULL:!3DES:!RC4:!SSLV2:@STRENGTH'

I want to exclude TLSv1.0 and TLSv1.1 ciphers along with the following ones:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA

I was able to exclude TLSv1.0 and TLSv1.1 ciphers using the below:

ssl_ciphers='ALL:!ADH:!LOW:!EXP:!MD5:!aNULL:!eNULL:!NULL:!3DES:!RC4:!SSLV2:!TLSv1.0:!TLSv1.1:@STRENGTH'

Edit: The above change (adding !TLSv1.0:!TLSv1.1) did not exclude TLSv1.0 and TLSv1.1 ciphers, as I can still see them in nmap results.

Is there any way to exclude TLSv1.0 and TLSv1.1 from ssl_ciphers?

Upvotes: 0

Views: 413
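
One way to check from the nmap results whether an ssl_ciphers change took effect, as an added example that is not part of the original post: it parses `ssl-enum-ciphers` script output and reports which of TLSv1.0/TLSv1.1 and which unwanted suites the server still offers. The sample output, the function names and the two-suite banned set are constructed for illustration.

```python
import re

# Constructed sample of `nmap --script ssl-enum-ciphers` output (not from the post).
SAMPLE_NMAP = """\
PORT     STATE SERVICE
5432/tcp open  postgresql
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|     cipher preference: server
|_  least strength: A
"""

PROTO_RE = re.compile(r"^\|[ _]+((?:SSLv|TLSv)\d(?:\.\d)?):\s*$")   # e.g. "|   TLSv1.0:"
CIPHER_RE = re.compile(r"^\|[ _]+(TLS_[A-Z0-9_]+)\b")               # e.g. "|   TLS_RSA_WITH_..."

def parse_enum_ciphers(text):
    """Return {protocol: [cipher, ...]} in the order nmap reported them."""
    offered, current = {}, None
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if m:                       # a new protocol section starts
            current = m.group(1)
            offered[current] = []
            continue
        m = CIPHER_RE.match(line)
        if m and current:           # a suite listed under the current protocol
            offered[current].append(m.group(1))
    return offered

def audit(text, banned_protocols=("TLSv1.0", "TLSv1.1"), banned_ciphers=()):
    """Report banned protocols still offered and (protocol, suite) pairs still accepted."""
    offered = parse_enum_ciphers(text)
    return {
        "protocols": [p for p in offered if p in banned_protocols],
        "ciphers": [(p, c) for p, cs in offered.items() for c in cs if c in banned_ciphers],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_NMAP, banned_ciphers={"TLS_RSA_WITH_AES_128_GCM_SHA256"}))
```

PostgreSQL 12 and later also provide ssl_min_protocol_version, which sets the protocol floor separately from ssl_ciphers.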

Answers (0)
