Forum Discussion

Nimbostratus

Jun 14, 2017

Block Ciphers F5 LTM

Hello, I want to block specific ciphers on my LTM. We use a common SSL client profile for a good chunk of our sites/subdomains. Below are the two ciphers I want to block (SSL Labs reports them as wea...

Cirrocumulus

Jun 14, 2017

The first thing you need to understand is the fact that the "DEFAULT" changes between versions. If you update the F5 to 12.1.2, it will probably have a default that has removed the ciphers that are considered weak today.

Secondly, no need to guess, as you can test the behaviour without applying the change. If you do this commands:

tmm --clientciphers "DEFAULT:!SSLv3:!RC4"
tmm --clientciphers "DEFAULT:!SSLv3:!RC4:!3DES"

And compare the output, you know which ciphers were removed.

Lastly, some solutions to explain you a little bit more:

https://support.f5.com/csp/article/K13156

https://support.f5.com/csp/article/K13163

Or the main solution for SSL profiles:

https://support.f5.com/csp/article/K8802

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Block Ciphers F5 LTM

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Use F5 APM as Forward Proxy

Forward proxy with SSL passthrough - SWG license required?

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

Related Content

LTM Cipher rule

Cipher Suite Practices and Pitfalls

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

Disable below cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS