Forum Discussion
NimbostratusBlock CBC
Hi there,
I'm having a challenge on Blocking entirely the CBC cipher.
The ciphers I'm using are:
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305-SHA256
ECDHE-RSA-CHACHA20-POLY1305-SHA256
ECDHE-ECDSA-AES128-SHA256
The problem is that even the above ciphers are selected, the testing shows that the F5 can communicate with CBC.
Any further configuration needed here
Thank you
A
1 Reply
Amine_KadimiMVP
Most of the ciphers used by the BIG-IP are CBC mode, even when they do not explicitly name it.
All ciphers currently supported on BIG-IP are CBC mode except for AES-GCM and RC4.Source: Removing CBC ciphers from the ClientSSL profile (f5.com)
