For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kaloyan's avatar
Kaloyan
Icon for Cirrus rankCirrus
Mar 17, 2020
Solved

Certain Cipher suites are not shown in ssl server test

Hi, I am running version 15.1.0. I configured client-ssl profile with cipher group as I need to enable TLSv1.3 The cipher group has a rule which enables certain cipher suites only: TLSv1_3:ECDHE_E...
application delivery
ciphers
client-ssl profile
LTM
ssl
  • Kaloyan's avatar
    Kaloyan
    Mar 17, 2020

    Yes, they are properly assigned. When I change the CIpher rule which is:

    TLSv1_3:ECDHE_ECDSA+AES-GCM:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA+CHACHA20-POLY1305:ECDHE+CHACHA20-POLY1305:!DHE+AES-GCM:!TLSv1:!TLSv1_1:!ECDHE+AES:@STRENGTH

     

    I see differencies when checking the ciphers but only ECDHE_ECDSA are not visible into the ssllabs.

    I even tried with openssl and sslscan tools via linux and didn't saw it as well....

    I just found out the reason. The certificate is created as RSA. which means :

    RSA: Specifies that the key is based on the RSA public key encryption algorithm.              

    So no ECDSA will be presented even allowed in the cipher suite....