Microdyn Superuser1

Cipher Suites configuration in BOMGAR Appliance to get A+ rating

So - you like to get an A+ rating from SSLLABS? That's the way you can configure BOMGAR.

This are some good settings for "cipher suites" and their order in BOMGAR Remote Support and BOMGAR PAM /appliance SSL Tab. This settings work good with operating Systems Windows 7 or Server 2008 R2 and higher.

Allow only:
  TLS v1.2 and
  TLS v1.1

If you need still support for some older Vista Clients or Windows Server 2008 non R2, then you can allow TLS v1.0 additionaly, but ssllabs.com "Protocol Support" Rating will then be only at a 95% and not at the 100% level.

Allow only the following Ciphers and in this order under the bomgar yoursite/appliance settings.:

Cipher Suite			supports: Windows10	Windows8.1	Windows7	Vista
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   TLS1.2   
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   TLS1.2   
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 	  TLS1.0-1.2 	TLS1.0-1.2	TLS1.0-1.2	TLS1.0
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 	  TLS1.0-1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   TLS1.2    	TLS1.2    	TLS1.2 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384	  TLS1.2   
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	  TLS1.2   
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	  TLS1.2   
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	  TLS1.2	TLS1.1		TLS1.0   
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	  TLS1.2	TLS1.1		TLS1.0   
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	  TLS1.2   
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	  TLS1.2   
TLS_DH_RSA_WITH_AES_128_GCM_SHA256	  TLS1.2	TLS1.2 		TLS1.2 
TLS_DH_RSA_WITH_AES_256_GCM_SHA384	  TLS1.2	TLS1.2		TLS1.2 
TLS_DH_RSA_WITH_AES_128_CBC_SHA256    	  		TLS1.0-1.2	TLS1.0-1.2
TLS_DH_RSA_WITH_AES_256_CBC_SHA256     	  		TLS1.0-1.2	TLS1.0-1.2

To do the security test against your site please visit the following website: https://www.ssllabs.com/ssltest

Although i have thoroughly researched and tested the written with BOMGAR RS 17 and PAM 17 - MICRODYN DISCLAIMS ALL WARRANTIES!
Author: MICRODYN - R. Hahn / 17.2.2018

BOMGAR is a proprietary trademark of "BOMGAR Corporation".
Windows and Windows Vista are
registered trademarks of Microsoft Corporation.
SSLLABS QUALSYS is a proprietary trademark of "Qualsys, Inc."

Previous Article How to debug problems with BOMGAR Components using a blog.ini file
Next Article How to disable clipboard redirection for local or remote BOMGAR RDP Sessions
Print
446 Rate this article:
4.3

Please login or register to post comments.

Name:
Email:
Subject:
Message:
x

disclaymer of warranties

All articles available under Microdyn-Wiki are published without guarantee for functionality. The published articles are intended for use by MICRODYN Employees. Use or disclosure at your own risk and danger. All manufacturers trademarks or products whitch are referred to in the wiki  are owned by their respective manufacturers.