Forum Discussion

Nimbostratus

May 01, 2015

BigIP 11.6 HF4 + SSL ciphers

We've recently upgraded to 11.6 to eliminate Chrome's obsolete cryptography message. I have an iRule that is allowing me to perform Strict Transport Security (HSTS), allowing us to obtain an A+ rati...

Nimbostratus

Mar 17, 2016

This is an OLD discussion I know. I stumbled upon it by accident and thought to share my 2 cents.

I use this

ECDHE:DEFAULT:!DHE

simple cipher-suite string to get an A+ rating, with only the IE6/XP combination failing to connect (as it has no support for the TLS protocol).

What this cipher-suite string essentially does (over the default) is bring to front the ECDHE ciphers and dumps the DHE ciphers.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

BigIP 11.6 HF4 + SSL ciphers

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Re: BigIP Report

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

BigIP Report Old

Disabling Weak Ciphers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS