Forum Discussion

Nimbostratus

11 years ago

BigIP 11.6 HF4 + SSL ciphers

We've recently upgraded to 11.6 to eliminate Chrome's obsolete cryptography message. I have an iRule that is allowing me to perform Strict Transport Security (HSTS), allowing us to obtain an A+ rati...

Nimbostratus

10 years ago

This is an OLD discussion I know. I stumbled upon it by accident and thought to share my 2 cents.

I use this

ECDHE:DEFAULT:!DHE

simple cipher-suite string to get an A+ rating, with only the IE6/XP combination failing to connect (as it has no support for the TLS protocol).

What this cipher-suite string essentially does (over the default) is bring to front the ECDHE ciphers and dumps the DHE ciphers.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

BigIP 11.6 HF4 + SSL ciphers

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Re: BigIP Report

Cipher Suite Practices and Pitfalls

BigIP Report Old

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

LTM Cipher rule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS