changing DEFAULT ciphers v14.x
In version 14.x, I will be adding ciphers to the DEFAULT ciphers list to give traffic a way to communicate between the F5 LTM and real servers. (I have done the research and discovered the LTM and real servers weren't communicating because they had no ciphers in common. I am planning on adding about 40 additional secure ciphers that the real servers are trying to use.)
I can't use a clientSSL or clientSSL/serverSSL profile because Performance Layer 4 with FastL4 doesn't allow SSL profiles. Using a Standard server is not an option.
What is the best way to do this, and will this work?
Thx
- Jason_Cohen_417 (Historic F5 Account)
If you are using a PerformanceL4/FastL4 Virtual Server, the BIGIP is not communicating TLS with the back end servers. The BIGIP in this case would be passing TCP traffic through from the client directly to the server. The TLS handshake would not involve the BIGIP so any changes to cipher lists on the BIGIP would be irrelevant.
- Jason_Cohen_417 (Historic F5 Account)
Regarding your statement about lack of ciphers in common: if that is an error you are getting on either the client or the server, then that is where the lack of common ciphers exists. Since the handshake is done from client to back-end server and doesn't involve the BIGIP, you will need to modify the ciphers available on either the client or the back-end server. If that is not the issue, the question is much more broad than the information you've provided.
- aaperson_255899 (Nimbostratus)
What would be relevant to the lack of communication? Thanks for your quick response!
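As an added example (not part of any post in this thread): because a FastL4 virtual server passes the handshake through untouched, the cipher mismatch can be confirmed from the client's own ClientHello, taken from a packet capture anywhere on the path, compared against what the back-end server accepts. The function names, the sample ClientHello bytes and the server suite list below are constructed for illustration.

```python
import struct

# IANA names for the suites used in the constructed samples below.
SUITE_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def offered_suites(record: bytes) -> list[int]:
    """Return the cipher suite IDs offered in one raw TLS ClientHello record."""
    try:
        ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
        if ctype != 0x16 or record[5] != 0x01:   # handshake record, ClientHello
            raise ValueError("not a ClientHello record")
        body = record[9:5 + rec_len]             # skip record (5) + handshake (4) headers
        pos = 2 + 32                             # client_version + random
        pos += 1 + body[pos]                     # session_id length byte + session_id
        (n,) = struct.unpack_from("!H", body, pos)
        suites = body[pos + 2:pos + 2 + n]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if n % 2 or len(suites) != n:
        raise ValueError("bad cipher_suites length")
    return [s for (s,) in struct.iter_unpack("!H", suites)]

def common_suites(record: bytes, server_suites: set[int]) -> list[int]:
    """Suites both endpoints support, in the client's preference order."""
    return [s for s in offered_suites(record) if s in server_suites]

def build_sample_hello(suites: list[int]) -> bytes:
    """Constructed TLS 1.2 ClientHello without extensions (sample input only)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"    # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed sample: the suites a back-end server is configured to accept.
SERVER_SUITES = {0xC02F, 0xC030}

if __name__ == "__main__":
    for label, offer in [("legacy client", [0x002F, 0x000A]),
                         ("modern client", [0xC02F, 0x002F])]:
        shared = common_suites(build_sample_hello(offer), SERVER_SUITES)
        names = [SUITE_NAMES[s] for s in shared]
        print(label, "->", names or "no common cipher: handshake fails at the server")
```

An empty result means the fix belongs on the client or the back-end server, which matches the answer above: no cipher setting on the pass-through device changes what either endpoint offers or accepts.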