Forum Discussion

Vivek_Datta_263

Icon for Nimbostratus rank

Nimbostratus

Jan 31, 2018

Cipher string to block RSA but not ECDHE+RSA ciphers

Hi,

A novice here.

As per recent OpenSSL report, RSA ciphers are being termed as weak.

E.g.: TLS_RSA_WITH_AES_256_GCM_SHA384

However ECDHE with RSA still stay strong.

E.g.: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Is there a way to update my cipher string which would block RSA ciphers but not ECDHE RSA ones?

Thanks.

Surgeon
Ret. Employee
Feb 03, 2018
You can add !RSA to your cipher suit. It will block RSA key exchange only and will not affect any ECDHE_RSA cipher. You can check resulting ciphers running: tmm --clientciphers 'your_cipher_string'

https://support.f5.com/csp/article/K15194
Vivek_Datta_263
Nimbostratus
May 03, 2019
Thanks!

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming