Forum Discussion

Nimbostratus

Apr 06, 2018

Change weak HMAC

We've got a 5250 running 11.6.1 and the security scan pinged for Weak Ciphers and MAC's. I have been able to reset the Ciphers to 128bit or better but none of the MAC's I've tried are acceptable. Whe...

Noctilucent

Apr 09, 2018

Hi,

did you try this out please,

tmsh modify sys sshd include "MACs "

Caution:

include

Warning: Do not use this parameter without assistance from the F5 Technical Support team. The system does not validate the commands issued using the include parameter. If you use this parameter incorrectly, you put the functionality of the system at risk.

Also happened to check on the below,

file - /var/run/config/sshd_config

 KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 MACS hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
 F5 - these are FIPS approved ciphers.
 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Change weak HMAC

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform LTM provider - ICMP disabled on resulting VIPs

F5 LACP

SSLO Policy Condition - Server Certificate (Issuer DN)

How APM GET IOS UUID & Andriod MAC

Expired client-certificate

Related Content

HMAC

Disabling Weak Ciphers

Copilot’s Weakness, DeepSeek Data exposed, Backdoor in Contec CMS8000 & Apple's Zero-Day

Disabling Specific Weak Cipher Suites

High Performance HMAC Cookie Signing

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS