Create a Post
Showing results for 
Search instead for 
Did you mean: 

Checkpoint r77.30 cipher suites


Could any body advise which cipher suites are available with a checkpoint device running r77.30 please?

We cannot find it in the GUI.. or anywhere online! Is there a command we can use to list the available ciphers?

Many thanks

0 Kudos
5 Replies

Cipher Suites in what context?

0 Kudos

Is there a way to lock down the supported ciphers for SNX. Mobile Blade?

So for example, I only want to support ciphers with PFS leaving me with DHE and ECDHE. A standard sslscan shows 

AES-128-SHA and AES256-SHA is supported which I want to get rid off to meet our cipher standards

0 Kudos

Based on the Global Properties, it does not appear this is possible currently.

It looks like you can disable 3DES per the following SK: Check Point response to CVE-2016-2183 (Sweet32) 

I don't see an easy way to disable AES and/or enable ECDHE/DHE support.

I can ask around, but you should probably open a TAC case.

0 Kudos

We have a TAC case open as we need to change ciphers to comply to the company requirements. But so far this is not going very well.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Champion Champion

Example for HTTPS Inspection:

First you'll want to know if your R77.30 is at the latest Jumbo Hotfix Take.

Just check it on your firewall gateway within expert mode via: installed_jumbo_take

Then you'll want to know which cipher suites are actually configured, to check this, just enter:

cat /opt/CPshrd-R77/registry/ | grep -i cptls

You notice that ECDH P-384 elliptic curve ciphers are not available to your gateway yet
so you follow the instructions from sk110883 and sk112954.

Final result:

cat /opt/CPshrd-R77/registry/ | grep -i cptls
    :CPTLS_EC_P384 (1)

All required cipher suites are now available to your gateway
and you can enjoy surfing HTTPS websites without any issues related to P-384.
0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events