Forum Discussion
kva_178637
Nimbostratus
NimbostratusAdding a new crypto set to the SSL Client Profile
I would like to add the support for the following ciphers to a specific SSL Client Profile on the LTM.
I believe that I need to enter it into Configuration\Advanced\Ciphers in the new client profile....
nitass
Employee
Employeecan I add a clientcipher that isn't listed using the following: ECDHE:ECDSA:AES128:CBC:SHA256 (and what would be the difference if one used DEFAULT:ECDHE:ECDSA:AES128:CBC:SHA256)
e.g.
[root@ve11c:Active:In Sync] config tmm --clientciphers ECDHE:ECDSA:AES128:CBC:SHA256
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
1: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
2: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
3: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
4: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
5: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
6: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
7: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
8: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
9: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
10: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
11: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
12: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
13: 106 DHE-DSS-AES256-SHA256 256 TLS1.2 Native AES SHA256 DHE/DSS
14: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
15: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
16: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
17: 162 DHE-DSS-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 DHE/DSS
18: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 EDH/RSA
19: 64 DHE-DSS-AES128-SHA256 128 TLS1.2 Native AES SHA256 DHE/DSS
20: 166 ADH-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ADH
21: 49201 ECDH-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDH_RSA
22: 49197 ECDH-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDH_ECDSA
23: 49193 ECDH-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDH_RSA
24: 49189 ECDH-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDH_ECDSA
25: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
26: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
[root@ve11c:Active:In Sync] config tmm --clientciphers DEFAULT:ECDHE:ECDSA:AES128:CBC:SHA256
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 EDH/RSA
1: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 EDH/RSA
2: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA
3: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA
4: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA
5: 57 DHE-RSA-AES256-SHA 256 DTLS1 Native AES SHA EDH/RSA
6: 51 DHE-RSA-AES128-SHA 128 TLS1 Native AES SHA EDH/RSA
7: 51 DHE-RSA-AES128-SHA 128 TLS1.1 Native AES SHA EDH/RSA
8: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH/RSA
9: 51 DHE-RSA-AES128-SHA 128 DTLS1 Native AES SHA EDH/RSA
10: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA EDH/RSA
11: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA EDH/RSA
12: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA EDH/RSA
13: 22 DHE-RSA-DES-CBC3-SHA 192 DTLS1 Native DES SHA EDH/RSA
14: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
15: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
16: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
17: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
18: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
19: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
20: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
21: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
22: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
23: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
24: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
25: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
26: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
27: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
28: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
29: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
30: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
31: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
32: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
33: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
34: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
35: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
36: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
37: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
38: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
39: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
40: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
41: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
42: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
43: 106 DHE-DSS-AES256-SHA256 256 TLS1.2 Native AES SHA256 DHE/DSS
44: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
45: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
46: 162 DHE-DSS-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 DHE/DSS
47: 64 DHE-DSS-AES128-SHA256 128 TLS1.2 Native AES SHA256 DHE/DSS
48: 166 ADH-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ADH
49: 49201 ECDH-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDH_RSA
50: 49197 ECDH-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDH_ECDSA
51: 49193 ECDH-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDH_RSA
52: 49189 ECDH-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDH_ECDSA
