Cipher configuration

Question

Hello, I am trying to configure SSL client Profile version 12.1.2 including the next ciphers:&nbsp;
ECDHE_RSA_WITH_AES_128_CBC_SHA256&nbsp;
ECDHE_RSA_WITH_AES_256_CBC_SHA384&nbsp;
However I can find only: &nbsp;
ECDHE-RSA-AES128-CBC-SHA      
&nbsp;
ECDHE-RSA-AES256-CBC-SHA &nbsp;
neither SHA26 nor SHA384 in MAC. Any idea what I am doing wrong? I want to be sure cipher configuration is OK before configuring SSL offloading in LTM, because it is the current configuration for cipher suites.&nbsp;
Thank you,&nbsp;

kevin_k_51432 · Answer

Greetings,
It looks to me like the CBC is implied. After looking the cipher up online and doing a quick connection test, CBC was listed in the cipher suite. From my test session capture:
            Session ID Length: 32
            Session ID: 32e83402862ca8e61ab05c0bee75506daf4782b2fa83fe56...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Compression Method: null (0)

Using:
tmm --clientciphers DEFAULT | grep -i ecdh | grep -i sha384
34: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES       SHA384  ECDHE_RSA

You could test on your end just to be sure 😃
Kevin

Forum Discussion

Cipher configuration

1 Reply

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

JSON Web Key Set Endpoint

Related Content

Cipher Suite Practices and Pitfalls

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

LTM Cipher rule

Disable below cipher

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS