Zobrazenie otázok označených: Zobraziť všetky otázky
  • Vyriešené
  • Archivované

Cannot disable Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 or TLS_RSA_WITH_AES_256_GCM_SHA384

Hi there, I'm trying to disable insecure ciphers in TLS 1.2 since 1.3 isn't widely supported yet. I'm using this to determine whats secure: https://browserleaks.com/ssl… (ďalšie informácie)

Hi there,

I'm trying to disable insecure ciphers in TLS 1.2 since 1.3 isn't widely supported yet.

I'm using this to determine whats secure: https://browserleaks.com/ssl

I cant find any option to disable these two ciphers:

0x009c TLS_RSA_WITH_AES_128_GCM_SHA256 0x009d TLS_RSA_WITH_AES_256_GCM_SHA384

Thanks :)

Otázku položil(a) Reuben Pred 1 rokom

Na otázku odpovedal(a) Mike Kaply Pred 1 rokom

  • Archivované

Why does Firefox get "SecureConnectionFailed - PR_CONNECT_ABORTED_ERROR" when connecting to website that has the SHA1 hash disabled?

Security consultants have advised that cipher suites using the SHA1 hash are no longer considered secure and should not be enabled. Using the nmap tool we can identify wh… (ďalšie informácie)

Security consultants have advised that cipher suites using the SHA1 hash are no longer considered secure and should not be enabled.

Using the nmap tool we can identify which cipher suites use the SHA1 hash.

On our webserver, (IIS version 8.5 on Windows 2012 R2 ) if we eliminate cipher suites that contain the SHA1 hash, the Firefox browser cannot browse the site. Error displayed = Secure Connection Failed - PR_CONNECT_ABORTED_ERROR We tested versions up to Firefox ( v75.0 ).

Other browsers such as Chrome and IE have no issues browsing our site with the SHA1 hash disabled.

Once the SHA1 hash is enabled, Firefox works fine. Seeking a solution that will satisfy the security folks and our Firefox users.

Otázku položil(a) SPI_help Pred 1 rokom

Posledná odpoveď od jscher2000 Pred 1 rokom