Forum Discussion

Nimbostratus

May 01, 2015

BigIP 11.6 HF4 + SSL ciphers

We've recently upgraded to 11.6 to eliminate Chrome's obsolete cryptography message. I have an iRule that is allowing me to perform Strict Transport Security (HSTS), allowing us to obtain an A+ rati...

Nimbostratus

Mar 17, 2016

This is an OLD discussion I know. I stumbled upon it by accident and thought to share my 2 cents.

I use this

ECDHE:DEFAULT:!DHE

simple cipher-suite string to get an A+ rating, with only the IE6/XP combination failing to connect (as it has no support for the TLS protocol).

What this cipher-suite string essentially does (over the default) is bring to front the ECDHE ciphers and dumps the DHE ciphers.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

BigIP 11.6 HF4 + SSL ciphers

Recent Discussions

Study Guides for 101 Exam

OWSAP Top 10 protection

F5 Transceiver Wavelength

F5 101 EXAM

F5 looses the token for the first call

Related Content

Re: BigIP Report

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

BigIP Report Old

Disabling Weak Ciphers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS