topic TLS/SSL WEAK MESSAGE AUTHENTICATION CODE CIPHER SUITES in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/TLS-SSL-WEAK-MESSAGE-AUTHENTICATION-CODE-CIPHER-SUITES/m-p/177875#M32571 <P>How to I disable weak cipher suites for an Open server?</P><UL><LI><P>Negotiated with the following insecure cipher suites:</P><UL><LI>TLS 1.2 ciphers:<UL><LI>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</LI><LI>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</LI><LI>TLS_RSA_WITH_AES_128_CBC_SHA</LI><LI>TLS_RSA_WITH_AES_256_CBC_SHA</LI></UL></LI></UL></LI></UL> Tue, 11 Apr 2023 18:10:15 GMT AQuinn 2023-04-11T18:10:15Z TLS/SSL WEAK MESSAGE AUTHENTICATION CODE CIPHER SUITES https://community.checkpoint.com/t5/Firewall-and-Security-Management/TLS-SSL-WEAK-MESSAGE-AUTHENTICATION-CODE-CIPHER-SUITES/m-p/177875#M32571 <P>How to I disable weak cipher suites for an Open server?</P><UL><LI><P>Negotiated with the following insecure cipher suites:</P><UL><LI>TLS 1.2 ciphers:<UL><LI>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</LI><LI>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</LI><LI>TLS_RSA_WITH_AES_128_CBC_SHA</LI><LI>TLS_RSA_WITH_AES_256_CBC_SHA</LI></UL></LI></UL></LI></UL> Tue, 11 Apr 2023 18:10:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TLS-SSL-WEAK-MESSAGE-AUTHENTICATION-CODE-CIPHER-SUITES/m-p/177875#M32571 AQuinn 2023-04-11T18:10:15Z Re: TLS/SSL WEAK MESSAGE AUTHENTICATION CODE CIPHER SUITES https://community.checkpoint.com/t5/Firewall-and-Security-Management/TLS-SSL-WEAK-MESSAGE-AUTHENTICATION-CODE-CIPHER-SUITES/m-p/177883#M32572 <P>Most likely via the following tool:</P> <P>sk126613 - Cipher configuration tool 'cipher_util' for Security Gateways</P> Tue, 11 Apr 2023 23:12:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TLS-SSL-WEAK-MESSAGE-AUTHENTICATION-CODE-CIPHER-SUITES/m-p/177883#M32572 Chris_Atkinson 2023-04-11T23:12:54Z Re: TLS/SSL WEAK MESSAGE AUTHENTICATION CODE CIPHER SUITES https://community.checkpoint.com/t5/Firewall-and-Security-Management/TLS-SSL-WEAK-MESSAGE-AUTHENTICATION-CODE-CIPHER-SUITES/m-p/177885#M32574 <P>Chris is right...definitely done via cipher_util command (from expert mode of your CP firewall)</P> <P>Cheers,</P> <P>Andy</P> Tue, 11 Apr 2023 23:22:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/TLS-SSL-WEAK-MESSAGE-AUTHENTICATION-CODE-CIPHER-SUITES/m-p/177885#M32574 the_rock 2023-04-11T23:22:22Z