Rimmi wrote: » Hi, 1) Since CBC is a weak cipher, does these means all the item from 2 to 12 should be removed? If no, please help to advise. Also, what does (0x3d) and (0x84) in item 4 and 5 respectively means? 1) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS2) 256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc02ECDH secp256r1 (eq. 3072 bits RSA) FS3) 256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS4) 256TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)256TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 5) 256TLS_RSA_WITH_AES_256_CBC_SHA (0x35)256TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 6) 256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128 bit 7) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS 128 bitTLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128 bit 9)TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)128TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)128 bit 10) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)128TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)128 bit 11) TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS 128 bit12) TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)112 bit
