Block CBC

Question

Hi there,&nbsp;I'm having a challenge on Blocking entirely the CBC cipher.The ciphers I'm using are:ECDHE-RSA-AES128-GCM-SHA256ECDHE-RSA-AES128-SHA256ECDHE-RSA-AES256-GCM-SHA384ECDHE-RSA-AES256-SHA384ECDHE-ECDSA-AES128-GCM-SHA256ECDHE-ECDSA-AES256-GCM-SHA384ECDHE-ECDSA-AES256-SHA384ECDHE-ECDSA-CHACHA20-POLY1305-SHA256ECDHE-RSA-CHACHA20-POLY1305-SHA256ECDHE-ECDSA-AES128-SHA256&nbsp;The problem is that even the above ciphers are selected, the testing shows that the F5 can communicate with CBC.&nbsp;Any further configuration needed here&nbsp;Thank you&nbsp;A

amine_kadimi · Answer

Most of the ciphers used by the BIG-IP are CBC mode, even when they do not explicitly name it.All ciphers currently supported on BIG-IP are CBC mode except for AES-GCM and RC4.
Source: Removing CBC ciphers from the ClientSSL profile (f5.com)

Forum Discussion

Block CBC

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

CBC ciphers in relation to RFC7366 Encrypt-then-MAC

PowerShell to iRule AES-CBC conversation using random IV values

Block IP after a number of ASM Blocks

Block traffic

Response and blocking page

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS