Forum Discussion

Altocumulus

Feb 16, 2018

Bigip 11.2.1 - weak ciphers

I have BiGIP 11.2.1 in my test lab and below Cipher suite for SSL profile: TLSv1_2:!SSLv3:!RC4-SHA:!3DES:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@STRENGTH However there are few open weak ciphers wh...

MVP

Feb 16, 2018

So the RSA cipher suite is being deprecated by testing tools like SSLLabs as they don't provide Forward Secrecy: SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT

Running a version such as 11.2.1 in a production scenario raises so many more questions other than "how do I block this cipher?". There are a significant amount of vulnerabilities that have been discovered since this version was released, that have been fixed in later versions.

I would recommend patching to a later supported release at your earliest opportunity.

To answer your question, you could probably disable them, but I don't think that would leave all that many options for usable ciphers. You should test this thoroughly.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Bigip 11.2.1 - weak ciphers

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Cipher Suite Practices and Pitfalls

Re: BigIP Report

BigIP Report Old

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

LTM Cipher rule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS