TLS 1.2 - block specific cipher suite on WAN


we use a XG430 - is there any way to block the cipher suite


on wan for a webserver keeping only TLS 1.2 with


for external connections?

We need TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for internal connections but have problems with external users who are blocked on webservers using this cipher suite because its classified as week.

I tried with the SSL/TLS inspection rules but dont find any config to block this cipher suite for external connections.

Thank you and best regards Thomas

Added TAGs
[edited by: Raphael Alganes at 12:21 AM (GMT -8) on 26 Feb 2024]
Parents Reply Children