Forum Discussion
Sabir_Alvi
Altocumulus
AltocumulusBigip 11.2.1 - weak ciphers
I have BiGIP 11.2.1 in my test lab and below Cipher suite for SSL profile:
TLSv1_2:!SSLv3:!RC4-SHA:!3DES:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@STRENGTH
However there are few open weak ciphers wh...
So the RSA cipher suite is being deprecated by testing tools like SSLLabs as they don't provide Forward Secrecy: SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT
Running a version such as 11.2.1 in a production scenario raises so many more questions other than "how do I block this cipher?". There are a significant amount of vulnerabilities that have been discovered since this version was released, that have been fixed in later versions.
I would recommend patching to a later supported release at your earliest opportunity.
To answer your question, you could probably disable them, but I don't think that would leave all that many options for usable ciphers. You should test this thoroughly.
