5

According to NIST and HIPAA guidance, I miss one cipher on a new web server:

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Despite I read this one is discouraged, I am curious as to how do I add it?

I am on Linux Debian 9 with Apache.

Currently I have set up these ciphers:

SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:DES-CBC3-SHA:!aNULL:!MD5:!DSS:!eNULL:!ADH:!EXP:!LOW:!DES:!PSK:!SRP:!DSS:!RC4

I tried hard to find a naming for this suite here for example, unsuccessfully.

Does anyone know its naming?

LinuxSecurityFreak
  • 1,562
  • 2
  • 18
  • 32

1 Answers1

3

The "Apache naming" is actually the syntax used by OpenSSL. According to https://testssl.sh/openssl-rfc.mappping.html the OpenSSL name for TLS_RSA_WITH_3DES_EDE_CBC_SHA is DES-CBC3-SHA.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424