Forum Discussion

Nimbostratus

Jan 31, 2018

Cipher string to block RSA but not ECDHE+RSA ciphers

Hi, A novice here. As per recent OpenSSL report, RSA ciphers are being termed as weak. E.g.: TLS_RSA_WITH_AES_256_GCM_SHA384 However ECDHE with RSA still stay strong. E.g.: T...

Ret. Employee

Feb 03, 2018

You can add !RSA to your cipher suit. It will block RSA key exchange only and will not affect any ECDHE_RSA cipher. You can check resulting ciphers running: tmm --clientciphers 'your_cipher_string'

https://support.f5.com/csp/article/K15194