TLS 1.2 - block specific cipher suite on WAN

Hello,

We use an XG430 - is there any way to block the cipher suite

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

on WAN for a webserver, keeping only TLS 1.2 with

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

for external connections?

We need TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for internal connections but have problems with external users who are blocked on webservers using this cipher suite because it's classified as weak.

I tried with the SSL/TLS inspection rules but don't find any config to block this cipher suite for external connections.

Thank you and best regards, Thomas



Added TAGs
[edited by: Raphael Alganes at 12:21 AM (GMT -8) on 26 Feb 2024]