search for: tls_dhe_rsa_with_aes_128_cbc_sha

...Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) ? ? ? ? ? ? ? ? Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) ? ? ? ? ? ? ? ? Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) ? ? ? ? ? ? ? ? Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) ? ? ? ? ? ? ? ? Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) ? ? ? ? ? ? ? ? Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) ? ? ? ? ? ? ? ? Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) ? ? ? ? ? ? ? ? Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) ? ? ? ? ? ? ? ? Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) ?...

...fferent from Apache, which has similar parameters, but where disabling the protocol takes precedence. If I just do: ssl_protocols = !SSLv2 !SSLv3 I still get some ciphers that show up as "weak", e.g., | SSLv3: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_DHE_RSA_WITH_DES_CBC_SHA - weak [....] | TLS_RSA_WITH_DES_CBC_SHA - weak Is there a way to exclude these ciphers, while still keeping my config easy to parse and avoiding duplicative or deprecated configs? The behavior i...