Forum Discussion
BigIP 11.6 HF4 + SSL ciphers
By the way, it seems like you disabled everything except perhaps: ECDHE+AES-GCM.
That will break a lot of software out there.
Not all ciphers are considered weak.
I think disabling SSLv3, MD5 and RC4 should be enough to get you A+ rating.
Also, you should not adhere too strongly to SSLLabs rating.
You should only be concerned about the score based on how much strength you want, vs how much older software you wish to support. RC4 and SSLv3 are generally safe to disable, as most software in the last 10 or so years should be able to do fine without these.
Also, if you don't order the ciphers by Speed (@speed), then the LTM will always choose the strongest Cipher presented by the client that it also supports. I believe that if you order them by speed, then the LTM chooses the fastest Cipher that the client also supports, and not necessarily the strongest. This doesn't seem like what you want.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com