Forum Discussion
AES256-SHA256 SSL Cipher Suite
I'm sorry if this question is trivial.
I was referring to https://support.f5.com/kb/en-us/solutions/public/11000/400/sol11444.html and I would like to create a new HTTPS monitor using AES256-SHA256. What should I put in the Cipher List?
I was guessing that it will be: DEFAULT:+SHA:+3DES:+kEDH:+AES256-SHA256: or DEFAULT:+SHA:+3DES:+kEDH:+AES:+SHA256. No?
BIG-IP 10.2.3
5 Replies
- nitass
Employee
I understand bigd uses openssl cipher. I do not see sha256 in cipher list.
[root@ve10a:Active] config tmsh show sys version|head
Sys::Version
Main Package
Product BIG-IP
Version 10.2.4
Build 855.0
Edition Hotfix HF9
Date Thu Oct 9 11:19:27 PDT 2014
Hotfix List
[root@ve10a:Active] config openssl ciphers -v
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
- advanx_66706
Nimbostratus
I'm a little bit confused here.
[root@LORD:Active] ~ tmsh show sys version
Sys::Version
Main Package
Product BIG-IP
Version 10.2.3
Build 123.0
Edition Hotfix HF1
Date Fri Dec 2 11:43:17 PST 2011
Hotfix List
ID372804 ID372864 ID372590
[root@LORD:Active] ~ openssl ciphers -v
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
[root@LORD:Active] ~ tmm --clientciphers 'DEFAULT'
     ID  SUITE          BITS  PROT    METHOD  CIPHER  MAC     KEYX
 0:   5  RC4-SHA         128  SSL3    Native  RC4     SHA     RSA
 1:   5  RC4-SHA         128  TLS1    Native  RC4     SHA     RSA
 2:   5  RC4-SHA         128  TLS1.2  Native  RC4     SHA     RSA
 3:  47  AES128-SHA      128  SSL3    Native  AES     SHA     RSA
 4:  47  AES128-SHA      128  TLS1    Native  AES     SHA     RSA
 5:  47  AES128-SHA      128  TLS1.2  Native  AES     SHA     RSA
 6:  47  AES128-SHA      128  DTLS1   Native  AES     SHA     RSA
 7:  53  AES256-SHA      256  SSL3    Native  AES     SHA     RSA
 8:  53  AES256-SHA      256  TLS1    Native  AES     SHA     RSA
 9:  53  AES256-SHA      256  TLS1.2  Native  AES     SHA     RSA
10:  53  AES256-SHA      256  DTLS1   Native  AES     SHA     RSA
11:  10  DES-CBC3-SHA    192  SSL3    Native  DES     SHA     RSA
12:  10  DES-CBC3-SHA    192  TLS1    Native  DES     SHA     RSA
13:  10  DES-CBC3-SHA    192  TLS1.2  Native  DES     SHA     RSA
14:  10  DES-CBC3-SHA    192  DTLS1   Native  DES     SHA     RSA
15:  60  AES128-SHA256   128  TLS1.2  Native  AES     SHA256  RSA
16:  61  AES256-SHA256   256  TLS1.2  Native  AES     SHA256  RSA
- nitass
Employee
I understand bigd does not use cipher from tmm (tmm --clientciphers).
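The distinction drawn in the replies above, as an added example that is not part of the thread or F5's own tooling: it checks a suite name against an `openssl ciphers -v` listing and a `tmm --clientciphers` listing separately. The function names are hypothetical, the sample listings are a constructed subset of the output quoted in the thread, and it assumes (as the reply states) that the monitor daemon draws from the OpenSSL list.

```shell
#!/bin/sh
# Constructed sample input: a subset of the two listings quoted in the thread.
OPENSSL_LIST='DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1'

TMM_LIST='ID SUITE BITS PROT METHOD CIPHER MAC KEYX
8: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
9: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
15: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
16: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA'

# openssl_has SUITE: exact match on column 1 of `openssl ciphers -v` output.
# A substring match would wrongly report AES256-SHA256 because of AES256-SHA.
openssl_has() {
    printf '%s\n' "$OPENSSL_LIST" |
        awk -v s="$1" '$1 == s { found = 1 } END { exit !found }'
}

# tmm_has SUITE: exact match on the SUITE column (3rd field) of tmm data rows.
tmm_has() {
    printf '%s\n' "$TMM_LIST" |
        awk -v s="$1" '$1 ~ /^[0-9]+:$/ && $3 == s { found = 1 } END { exit !found }'
}

# monitor_can_use SUITE: returns 0 if the OpenSSL list has the suite,
# 1 if only tmm lists it, 2 if neither does.
monitor_can_use() {
    if openssl_has "$1"; then
        echo "$1: listed by OpenSSL"
        return 0
    elif tmm_has "$1"; then
        echo "$1: listed by tmm only, absent from the OpenSSL list"
        return 1
    fi
    echo "$1: in neither list"
    return 2
}

for suite in AES256-SHA AES256-SHA256; do
    monitor_can_use "$suite" || true
done
```

On a live system, replace the two sample variables with the real output of `openssl ciphers -v` and `tmm --clientciphers 'DEFAULT'`.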
- midhun_108442
Nimbostratus
Hi,
Have you got the HTTPS monitor working for SHA256?
Appreciate your response.
Regards, Midhun P.K
- Try opening a new question with what you tried and your BIG-IP version. Also provide the input from openssl ciphers -v?
