Sudhir_381155
Apr 22, 2019

AES_256_CBC is obsolete. Enable an AES-GCM based cipher suite.

Hi Team,


Could someone please help me with enabling an AES-GCM based cipher suite? The version I am using is "BIG-IP 11.5.4 Build 2.0.291 Hotfix HF2".

Do let me know your thoughts or experience on doing this.


  • Hello Sudhir!

    You're probably having a hard time enabling it because this cipher is not on the default list of ciphers on v11.5.4.

    You will have to edit your client/server SSL profile to add it to the possible ciphers to use. The paper K17370 explains how to do that. I believe that your final cipher list on the client-ssl profile will be something like this:

    DEFAULT:AES-GCM
    

    Cheers! Rafael
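
An added example, not part of the thread or of F5's documentation: a small script for the BIG-IP bash shell that previews what the suggested cipher string expands to, applies it to a client-ssl profile, and checks what a client actually negotiates. The profile name `my_clientssl`, the `host:port` argument and the sample listing are assumptions; the sample is constructed and its column layout may differ from what your version prints.

```shell
#!/usr/bin/env bash
# Added example. PROFILE is a hypothetical profile name; SAMPLE is a
# constructed cipher listing used only to exercise the two parsers.

PROFILE="my_clientssl"
CIPHERS='DEFAULT:AES-GCM'   # cipher string suggested in the reply above

SAMPLE=' 0:    53  AES256-SHA                 256  TLS1.2  Native  AES      SHA     RSA
 1:   159  DHE-RSA-AES256-GCM-SHA384  256  TLS1.2  Native  AES-GCM  SHA384  EDH/RSA
 2:   156  AES128-GCM-SHA256          128  TLS1.2  Native  AES-GCM  SHA256  RSA'

# stdin: cipher listing -> stdout: unique AES-GCM suite names found in it.
gcm_suites() {
  grep -Eo '[A-Z0-9-]*AES(128|256)-GCM-SHA(256|384)' | sort -u
}

# stdin: cipher listing -> stdout: 1-based position of the first GCM row.
# A position greater than 1 means non-GCM suites are listed ahead of it,
# so a client that also offers CBC may still end up on a CBC suite.
first_gcm_rank() {
  awk '/^ *[0-9]+:/ { n++; if ($0 ~ /-GCM-/) { print n; exit } }'
}

# On the BIG-IP: expand the string without touching any profile.
preview() {
  listing=$(tmm --clientciphers "$CIPHERS")
  printf '%s\n' "$listing" | gcm_suites
  printf 'first GCM suite at position: %s\n' \
    "$(printf '%s\n' "$listing" | first_gcm_rank)"
}

# On the BIG-IP: set the string on the profile and save the configuration.
apply() {
  tmsh modify ltm profile client-ssl "$PROFILE" ciphers "$CIPHERS" &&
    tmsh save sys config
}

# From a client machine: report the suite negotiated with host:port ($1).
verify() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null | grep 'Cipher is'
}

case "${1:-}" in
  preview|apply) "$1" ;;
  verify) verify "${2:?usage: $0 verify host:port}" ;;
esac
```

Run `preview` before `apply`; if `verify` still reports a CBC suite afterwards, the position printed by `preview` shows whether the GCM suites sit behind the CBC ones in the expanded list.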