According to NIST and HIPAA guidance, I miss one cipher on a new web server:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Despite I read this one is discouraged, I am curious as to how do I add it?
I am on Linux Debian 9 with Apache.
Currently I have set up these ciphers:
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:DES-CBC3-SHA:!aNULL:!MD5:!DSS:!eNULL:!ADH:!EXP:!LOW:!DES:!PSK:!SRP:!DSS:!RC4
I tried hard to find a naming for this suite here for example, unsuccessfully.
Does anyone know its naming?