@Roman Annenko , Based on my research, SSLCipherSuite accepts the following prefixes:
none: Adds the cipher to the list
- : Adds the cipher to the list and places it in the correct location in the list
- : Removes the cipher from the list (can be added later)
! : Removes the cipher from the list permanently
Here are the articles for the reference:
https://docs.oracle.com/middleware/12213/webtier/administer-ohs/GUID-C76BCA2A-9C28-4D16-9758-9346FBCF7512.htm#HSADM1016
https://www.leaderssl.com/news/471-how-to-disable-outdated-versions-of-ssl-tls-in-apache
Note: Non-microosft link, just for the reference.
Meanwhile, I find the default SSL cipher configuration on UNIX or Linux computer is governed by the SSL package that is installed as part of the operating system. The SSL cipher configuration typically allows connections with a variety of ciphers, including older ciphers of lower strength. While Operations Manager does not use these lower strength ciphers, having port 1270 open with the possibility of using a lower strength cipher contradicts the security policy of some organizations. We can check the version of the operation system of the server and check if the cipher suite is supported.
https://learn.microsoft.com/en-us/system-center/scom/manage-security-crossplat-config-sslcipher?view=sc-om-2019
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.