cipher suite in Big-IP equivalent to RSA_WITH_AES_256_CBC_SHA in Cisco ACE

Question

We are using a cipher suite as RSA_WITH_AES_256_CBC_SHA in our current cisco ACE setup. What is the equivalent cipher suite name i will have to use in the client-ssl profile configuration?&nbsp;

kharsma_176894 · Answer

'AES256-SHA' should do the trick for you &nbsp;
KHarsma&nbsp;

karthik_kumaran · Answer

Thanks.
Another clarification.
If i do a !RC4-SHA in the Cipher suite setting, does it disable all combinations of cipher suites containing RC4 and SHA separately, or just disables RC4-SHA ??? For instance does 'DHE-RSA-AES128-SHA' get disabled by using !RC4-SHA??&nbsp;

devbabu_174449 · Answer

Karthik you can check what being used by running the following command from CLI:
tmm --clientciphers 
tmm --serverciphers 
example:

tmm --clientciphers 'DEFAULT:!RC4-SHA'

kharsma_176894 · Answer

I can tell you in the case of "RC4-SHA" only the RC4 stream cipher is disabled. DevBabu is right though, you should validate the output of your string with tmm.&nbsp;
KHarsma&nbsp;

Forum Discussion

cipher suite in Big-IP equivalent to RSA_WITH_AES_256_CBC_SHA in Cisco ACE

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Request for Bug Tracker/Known Issues – BIG-IP Version 17.5.1.2

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

License activation

Related Content

Cipher Suite Practices and Pitfalls

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

LTM Cipher rule

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

Disable below cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS