https://community.checkpoint.com/t5/SASE-and-Remote-Access/Weak-Ciphers-Removal/m-p/51247#M12342 <P>I would use sk126613 for R80.xx version.</P> Thu, 18 Apr 2019 11:14:14 GMT G_W_Albrecht 2019-04-18T11:14:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Weak-Ciphers-Removal/m-p/51240#M12341 <P>On our MAB SSL VPN, I have restricted this to only use TLS1.2 and now I want to remove the weak cipher suites as shown.</P><P>I can see 2 possible ways of removing these:</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk120774&amp;partition=Advanced&amp;product=Security" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk120774&amp;partition=Advanced&amp;product=Security</A></P><P>or</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk126613#20" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk126613#20</A></P><P>Is there a better one of the 2 methods to use?</P><P>I was thinking the 2nd link would be better as it gives a full list of the individual ciphers that you can either allow or block.</P><P>Any suggestions welcome.</P><P>Thanks</P> Thu, 18 Apr 2019 10:02:43 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Weak-Ciphers-Removal/m-p/51240#M12341 NeilDavey 2019-04-18T10:02:43Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Weak-Ciphers-Removal/m-p/51247#M12342 <P>I would use sk126613 for R80.xx version.</P> Thu, 18 Apr 2019 11:14:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Weak-Ciphers-Removal/m-p/51247#M12342 G_W_Albrecht 2019-04-18T11:14:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Weak-Ciphers-Removal/m-p/51252#M12343 <P>This is what we did:</P><P>Global Properties &gt; Smartboard Customization &gt; Configure &gt; Portal Properties: changed snx_ssl_min_ver to TLS1.1 and max to TLS1.2</P><P>followed: sk120774 (your first link but this was when the gateways where R77.30)</P><P>and also on the gateways:</P><P>ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_ACCEPT_ECDHE 1</P><P>ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 CPTLS_PROPOSE_ECDHE 1</P><P>ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 DISABLE_3DES 1</P> Thu, 18 Apr 2019 11:40:23 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Weak-Ciphers-Removal/m-p/51252#M12343 Mikel_Aanstoot 2019-04-18T11:40:23Z