Forum Discussion

NetworkTeam_178's avatar
NetworkTeam_178
Icon for Nimbostratus rankNimbostratus
Feb 11, 2016

Cipher Suite Ordering

I need to order my ciphers in a very specific way. Using this command 'tmm --clientciphers 'ECDHE+AES-GCM:ECDHE+AES:' I get; ID SUITE BITS PROT METHOD CIP...
BIG-IP
cipher
LTM
openssl
security
NetworkTeam_178's avatar
NetworkTeam_178
Icon for Nimbostratus rankNimbostratus
Feb 11, 2016

Apologies, copy and paste was wrong!

 

This is the list I currently have;

 

  1. 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
  2. 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
  3. 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
  4. 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
  5. 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
  6. 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
  7. 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
  8. 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
  9. 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
  10. 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
  11. 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
  12. 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
  13. 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
  14. 53 AES256-SHA 256 DTLS1 Native AES SHA RSA

This is the list I require for a customer who is adamant they want the list as below;

 

  1. ECDHE-RSA-AES256-GCM-SHA384
  2. ECDHE-RSA-AES128-GCM-SHA256
  3. ECDHE-RSA-AES256-SHA384
  4. ECDHE-RSA-AES128-SHA256
  5. ECDHE-RSA-AES256-CBC-SHA
  6. ECDHE-RSA-AES128-CBC-SHA
  7. AES256-GCM-SHA384
  8. AES128-GCM-SHA256
  9. AES256-SHA256
  10. AES128-SHA256
  11. AES256-SHA
  12. AES128-SHA

Which means moving line 5 in the first list, up to line 3 so that the CBC-SHA ciphers are grouped together. I can then remove the two entries in the top list easy enough, the question is mainly about ordering the list.