Forum Discussion

Nimbostratus

Feb 12, 2010

best practice for ssl ciphers

hi everyone we've recently had a security audit and the report has recommended that we disable the following ciphers: EXP-DES-CBC-SHA EXP-RC2-CBC-MD5 EXP-RC4-MD5 ...

config

design

L4L7_53191

Nimbostratus

Feb 15, 2010

One thing to note: explicitly setting ciphers can affect the BigIP's ability to offload to hardware, which means you could potentially take a CPU hit. Here are some solutions for you to reference. It also may be worth confirming with support on this for the most recent info.

Cipher Overviews (basically a bunch of links to other solutions of value for SSL):

https://support.f5.com/kb/en-us/solutions/public/8000/800/sol8802.html

Fully accelerated Ciphers:

https://support.f5.com/kb/en-us/solutions/public/5000/700/sol5791.html

-Matt

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

best practice for ssl ciphers

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Cipher Suite Practices and Pitfalls

AS3 Best Practice

F5 Certified Practice Exams

Security Best Practices for F5 Products

Five Ways to Automate F5OS with Ansible: A Practical Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS