Cipher Rule just for TLS1.3
I'm running 15.0.1 on a pair of 2000s and I was trying to put together a Cipher rule that just encompassed TLS1.3 so I can include it with my other ciphers in a group. Seems like I can only do 1.3 with TLS13-AES128-GCM-SHA256 and TLS13-AES256-GCM-SHA384, but I can't seem to shave off all the other included ciphers with my attempts. I really feel like I'm doing this wrong. Our security team wants to deprecate TLS1.1 and lower and I just want to make sure we are looking forward until TLS1.3 becomes more widely used.
Please help.
Here is what I have:
AES-GCM:!DHE:!ECDHE:!ADH:!SSLv3:!TLSv1:!TLSv1_1:!ADH:!DHE:!RC4:!DES:!3DES:!MD5:!SHA:!RSA+AES:!RSA
- ECDH-RSA-AES128-GCM-SHA256/TLS1.2
- ECDH-RSA-AES256-GCM-SHA384/TLS1.2
- ECDHE-ECDSA-AES128-GCM-SHA256/TLS1.2
- ECDHE-ECDSA-AES256-GCM-SHA384/TLS1.2
- ECDH-ECDSA-AES128-GCM-SHA256/TLS1.2
- ECDH-ECDSA-AES256-GCM-SHA384/TLS1.2
- DHE-DSS-AES128-GCM-SHA256/TLS1.2
- DHE-DSS-AES256-GCM-SHA384/TLS1.2
- TLS13-AES128-GCM-SHA256/TLS1.3
- TLS13-AES256-GCM-SHA384/TLS1.3
ltm cipher rule mozilla_modern_cipher_rule_v14 {
    cipher TLSv1_3
    dh-groups DEFAULT
    signature-algorithms DEFAULT
}
This works for me in BIG-IP 14.1.x
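
An added example, not part of the original posts: a Python check that parses a cipher expansion in the NAME/PROTOCOL form quoted in the question and reports every entry outside an allowed protocol set, so a rule meant to be TLS1.3-only can be verified before it goes into a group. The function names and the `allowed` parameter are assumptions of this example; the sample input is the list copied from the question.

```python
# Audit an expanded cipher list (one NAME/PROTOCOL entry per line) against a protocol allow-list.
import re

# Sample input: the expansion quoted in the question above.
QUESTION_RULE_OUTPUT = """\
- ECDH-RSA-AES128-GCM-SHA256/TLS1.2
- ECDH-RSA-AES256-GCM-SHA384/TLS1.2
- ECDHE-ECDSA-AES128-GCM-SHA256/TLS1.2
- ECDHE-ECDSA-AES256-GCM-SHA384/TLS1.2
- ECDH-ECDSA-AES128-GCM-SHA256/TLS1.2
- ECDH-ECDSA-AES256-GCM-SHA384/TLS1.2
- DHE-DSS-AES128-GCM-SHA256/TLS1.2
- DHE-DSS-AES256-GCM-SHA384/TLS1.2
- TLS13-AES128-GCM-SHA256/TLS1.3
- TLS13-AES256-GCM-SHA384/TLS1.3
"""

# Optional "- " bullet, cipher name, "/", protocol label such as TLS1.2 or TLS1.3.
ENTRY = re.compile(r"^\s*-?\s*(?P<name>[A-Za-z0-9][A-Za-z0-9_+-]*)/(?P<proto>(?:D?TLS|SSL)[0-9.]+)\s*$")


def parse_expansion(text):
    """Return [(cipher_name, protocol)]; raise on any line that does not parse."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ENTRY.match(line)
        if m is None:
            # Fail closed: an unreadable line must not silently pass the audit.
            raise ValueError(f"line {lineno}: unrecognised entry {line!r}")
        entries.append((m["name"], m["proto"]))
    return entries


def audit(text, allowed=frozenset({"TLS1.3"})):
    """Split entries into (kept, violations) by the protocol each is offered on."""
    kept, violations = [], []
    for name, proto in parse_expansion(text):
        (kept if proto in allowed else violations).append((name, proto))
    return kept, violations


if __name__ == "__main__":
    kept, violations = audit(QUESTION_RULE_OUTPUT)
    print(f"{len(kept)} TLS1.3 entries, {len(violations)} outside the allow-list")
    for name, proto in violations:
        print(f"  not TLS1.3: {name} ({proto})")
```

Passing `allowed={"TLS1.2", "TLS1.3"}` instead checks the security team's floor of nothing below TLS1.2 for the group as a whole.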