Cipher configuration

Question

Hello, I am trying to configure SSL client Profile version 12.1.2 including the next ciphers:&nbsp;
ECDHE_RSA_WITH_AES_128_CBC_SHA256&nbsp;
ECDHE_RSA_WITH_AES_256_CBC_SHA384&nbsp;
However I can find only: &nbsp;
ECDHE-RSA-AES128-CBC-SHA      
&nbsp;
ECDHE-RSA-AES256-CBC-SHA &nbsp;
neither SHA26 nor SHA384 in MAC. Any idea what I am doing wrong? I want to be sure cipher configuration is OK before configuring SSL offloading in LTM, because it is the current configuration for cipher suites.&nbsp;
Thank you,&nbsp;

kevin_k_51432 · Answer

Greetings,
It looks to me like the CBC is implied. After looking the cipher up online and doing a quick connection test, CBC was listed in the cipher suite. From my test session capture:
            Session ID Length: 32
            Session ID: 32e83402862ca8e61ab05c0bee75506daf4782b2fa83fe56...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Compression Method: null (0)

Using:
tmm --clientciphers DEFAULT | grep -i ecdh | grep -i sha384
34: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES       SHA384  ECDHE_RSA

You could test on your end just to be sure 😃
Kevin

Forum Discussion

Cipher configuration

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Cipher Suites Supported (12.1.5.3)

Disabling Specific Weak Cipher Suites

F5 BIG-IP Advanced WAF – DOS profile configuration options.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS