Limiting SSL/TLS Cipher Suite doesn't work?

slowaways · Jan 19, 2020

Hello,
I disabled HTTP/2 and defined this cipher suite to my SSL Protocol configuration:

Listener HTTPS->SSL->SSL Protocol
"TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES256-GCM-SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"

Opera Instantâneo_2020-01-19_165837_ptt.tecnosul.agr.br.png

TLS 1.3:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

TLS 1.2:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Opera Instantâneo_2020-01-19_164229_www.ssllabs.com.png

I want to disable all Ciphers <= 128 and active only Ciphers >= 256 to get 100% on Cipher Stronger pontuation in the SSL Labs test:

Opera Instantâneo_2020-01-19_165704_www.ssllabs.com.png

SSL Labs Grade Documentation:
"Key Exchange 100%: Key or DH paramenter strength >= 4096 bits
Cipher Strength 100%: All keys size >= 256 bits "

But when I tested in SSL Labs, cipher that I disabled before appears yet.

Pong · Jan 20, 2020

What's your site URL? maybe you log a ticket by sending an email to support@litespeedtech.com with us to your login details and site URL for us to check?

slowaways · Feb 10, 2020

Pong said:

Ok

anditasb · Dec 9, 2020

slowaways said:

Hello,

Do you have any update about this?

stevieosaurus · 2024-11-06T20:01:36+0000

5 years later I encounter the same issue. Anyone found a fix for this? (disabling CBC ciphers)

Cold-Egg · 2024-11-07T01:04:18+0000

Some similar posts here, maybe you can give it a try.

Limiting SSL/TLS Cipher Suite doesn't work?

slowaways

New Member

Pong

Administrator

slowaways

New Member

anditasb

New Member

stevieosaurus

New Member

Cold-Egg

Administrator