Cipher Rules and Groups (v14.1.0.2)

Question

Has anyone noticed any issues with cipher rules and cipher groups in v14.1.0.2?
For example, in the user comments from the following article, it was mentioned that on v13, when making a modification to cipher rules that the changes did not propagate (from my testing on v14.1.0.2, this issue appears to have been fixed)
https://devcentral.f5.com/articles/cipher-rules-and-groups-in-big-ip-v13-25200
From what I understand, the use of a cipher group is required for TLS1.3 (client side). You cannot specify a cipher suite string on the client SSL profile when you have TLS1.3 enabled. Is this correct?
Thanks

kai_wilke · Answer

Hi Michael,
haven't played with TLS1.3 on 14.1. yet, but it would make me wonder if you can't use a tailordered cipher suite string in combination with TLS1.3 anymore.
Take a look to K10251520 (click me) to get the latest information regarding TLS1.3 support. The article outlines the steps required to enable TLS1.3 on a SSL profile as well as the TLS1.3 related Cipher String values TLS13-AES128-GCM-SHA256 , TLS13-AES256-GCM-SHA384 and TLS13-CHACHA20-POLY1305-SHA256 ...
 tmm --clientciphers ALL | grep TLS13

Cheers, Kai

Forum Discussion

Cipher Rules and Groups (v14.1.0.2)

Recent Discussions

UCS backup not loading Big IP DNS pool

Application only need to access from 2 uris

XC Bot defense question

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

BIG-IP Oauth Client and AS

Related Content

Cipher Rules And Groups in BIG-IP v13

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Disabling Weak Ciphers

Disable below cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS