Forum Discussion

Rajendran2002_1

Nimbostratus

Jul 27, 2015

Assistance in cipher

Hi All Need assistance to enable below standards in SSL enabled VIP Standardize configuration for SSL enabled external sites to use industry best practices, such as: - Use only AES -256 ci...

Employee

Jul 27, 2015

So what you're looking at is the cipher string that makes up the DEFAULT stack on any given platform. For 11.2 the DEFAULT stack is:

NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:@SPEED

which negated things like DES and MD5 but still supports SSLv3. At a minimum you'll want to extend this to negate SSLv2 and SSLv3:

DEFAULT:!SSLv2:!SSLv3

But your absolute best bet is to upgrade your system to at least 11.5.0 with all of the hotfixes.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Assistance in cipher

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Connections appear not to use Persistence

LB Connection Limit Detection Method

Partially reachabilty issues with VS in F5OS tenant

Forward proxy with SSL passthrough - SWG license required?

Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Related Content

Introducing the F5 AI Assistant for BIG-IP

Cipher Suite Practices and Pitfalls

Re: Welcome to the F5 BIG-IP Migration Assistant

LTM Cipher rule

Introducing AI Assistant for F5 Distributed Cloud, F5 NGINX One and BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS