For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Travis_Collavo_'s avatar
Travis_Collavo_
Historic F5 Account
Jan 19, 2010

Cipher Strings

Hello,

 

 

I'm looking to see how LTM orders ciphers if you use the @SPEED option in your cipher string. If I use the openssl command to sort on @STRENGTH then I get a list that is as follows:

 

 

openssl ciphers 'ALL:@STRENGTH'

 

 

ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ADH-DES-CBC3-SHA:DES-CBC3-MD5:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:ADH-RC4-MD5:RC2-CBC-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:ADH-DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-ADH-DES-CBC-SHA:EXP-ADH-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5

 

 

The @SPEED option produces an error, although this option is mentioned in the LTM config guide.

 

 

Does anyone know what the ciphers presented by LTM will be if you use the 'ALL:@SPEED' option in a clientSSL profile?

 

 

Thanks in advance,

 

Travis
config
design

2 Replies

  • Travis_Collavo_'s avatar
    Travis_Collavo_
    Historic F5 Account
    Jan 19, 2010
    OK I think I derived the answer based on a TMM command:

     

     

    tmm --clientciphers 'ALL:@SPEED'

     

     

    The above command should print all ciphers supported by TMM in order of speed. I'll post again if I interpreted this wrong.

     

  • Travis_Collavo_'s avatar
    Travis_Collavo_
    Historic F5 Account
    Jan 19, 2010
    Thanks Aaron.

     

     

    As an interesting aside, it looks like ciphers are ordered by speed by default, as the command "tmm --clientciphers 'ALL:@SPEED'" gives the same output as "tmm --clientciphers 'ALL'"

     

     

    Regards,

     

    Travis