Forum Discussion

Nimbostratus

Apr 22, 2019

AES_256_CBC is obsolete. Enable an AES-GCM based cipher suite.

Hi Team, Could someone please help me in enabling AES-GCM based cipher suite. Version I am using is "BIG-IP 11.5.4 Build 2.0.291 Hotfix HF2 Do let me your thoughts or experience on doing th...

Cirrostratus

Apr 23, 2019

Hello Sudhir!

You're probably having a hard time enabling because this cipher is not on the default list of ciphers on v11.5.4.

You will have to edit your client/server ssl profile to add it to the possible ciphers to use. The paper K17370 explains how to do that. I believe, that your final cipher list on the client-ssl profile will be something like this:

DEFAUL:AES-GCM

Cheers! Rafael

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

AES_256_CBC is obsolete. Enable an AES-GCM based cipher suite.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

I'm Sorry Sir, You're Obsolete

F5 predicts: The dumb firewall will become obsolete

CPU Increase when enabling AES-GCM

RSA key exchange is obsolete. Enable an ECDHE-based cipher suite

Chrome: Your connection is encrypted with obsolete cryptography with 10.2.4HF11 LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS