Forum Discussion

Kaloyan's avatar
Kaloyan
Icon for Cirrus rankCirrus
Mar 17, 2020

Certain Cipher suites are not shown in ssl server test

Hi, I am running version 15.1.0. I configured client-ssl profile with cipher group as I need to enable TLSv1.3 The cipher group has a rule which enables certain cipher suites only: TLSv1_3:ECDHE_E...
application delivery
ciphers
client-ssl profile
LTM
ssl
  • Kaloyan's avatar
    Kaloyan
    Mar 17, 2020

    Yes, they are properly assigned. When I change the CIpher rule which is:

    TLSv1_3:ECDHE_ECDSA+AES-GCM:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA+CHACHA20-POLY1305:ECDHE+CHACHA20-POLY1305:!DHE+AES-GCM:!TLSv1:!TLSv1_1:!ECDHE+AES:@STRENGTH

     

    I see differencies when checking the ciphers but only ECDHE_ECDSA are not visible into the ssllabs.

    I even tried with openssl and sslscan tools via linux and didn't saw it as well....

    I just found out the reason. The certificate is created as RSA. which means :

    RSA: Specifies that the key is based on the RSA public key encryption algorithm.              

    So no ECDSA will be presented even allowed in the cipher suite....

Kaloyan's avatar
Kaloyan
Icon for Cirrus rankCirrus
Mar 17, 2020

Yes, they are in place

  • Lidev's avatar
    Lidev
    Icon for MVP rankMVP
    Mar 17, 2020

    Group ciphers\ cipher suites are well assigned to the SSL Client profile ? and the SSL profile to the Virtual Server ?