Cipher string for "fussy" server

Question

I am trying to connect to an https server, but cannot get it to accept the ciphers offered in the clientHello on the BigIP.&nbsp;
Would someone please help me with the cipher string to put in my serverssl profile? The bigip is running v11.1&nbsp;
According to openssl, the server supports the following ciphers:&nbsp;
 &nbsp;
  Supported Cipher(s):&nbsp;
    Accepted  TLSv1  128 bits  DHE-DSS-AES128-SHA&nbsp;
    Accepted  SSLv3  128 bits  DHE-DSS-AES128-SHA&nbsp;
    Accepted  SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA&nbsp;
    Accepted  SSLv3  56 bits   EDH-DSS-DES-CBC-SHA&nbsp;
    Accepted  SSLv3  40 bits   EXP-EDH-DSS-DES-CBC-SHA&nbsp;
    Accepted  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA&nbsp;
    Accepted  TLSv1  56 bits   EDH-DSS-DES-CBC-SHA&nbsp;
    Accepted  TLSv1  40 bits   EXP-EDH-DSS-DES-CBC-SHA&nbsp;
 &nbsp;
  Prefered Server Cipher(s):&nbsp;
    SSLv3  128 bits  DHE-DSS-AES128-SHA&nbsp;
    TLSv1  128 bits  DHE-DSS-AES128-SHA&nbsp;
 &nbsp;

nitass · Answer

i do not see DSS in ciphers supported list.&nbsp;
&nbsp;
sol13163: SSL ciphers supported by BIG-IP SSL profiles (11.x)&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html&nbsp;

uni · Answer

Brilliant. Thanks nitass. We hopefully just need them to put certificates with RSA keys on the server.

Forum Discussion

Cipher string for "fussy" server

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Cipher Suite Practices and Pitfalls

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

Intermediate iRules: Handling Strings

Disable below cipher

LTM Cipher rule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS