Forum Discussion
Cipher Suites Supported (12.1.5.3)
- Sep 12, 2023
Hi Martin182,
No new cipher suites have been added for versions 12.1.4 and 12.1.5.
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-4.html#asm_rn_new
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-5.html#rn_newYou can view all ciphers with the following command from cli.
tmm --clientciphers all
You can use the "!DHE:!DH" string to remove DHE and DH key exchange parameters from the cipher suite. Or you can use only "ECDHE+AES-GCM" cipher suite.
Hi Martin182,
No new cipher suites have been added for versions 12.1.4 and 12.1.5.
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-4.html#asm_rn_new
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-5.html#rn_new
You can view all ciphers with the following command from cli.
tmm --clientciphers all
You can use the "!DHE:!DH" string to remove DHE and DH key exchange parameters from the cipher suite. Or you can use only "ECDHE+AES-GCM" cipher suite.
Hi Enes, first of all thank you for your reply 🙂
You mean to enter as string in the ciphers field only ECDHE+AES-GCM right ?
My current string is:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256
But I don't know why only 6 of them appear in the SSL Labs test and not all 8.
- Sep 12, 2023
Hi,
When you enter "ECDHE+AES-GCM", the following cipher suites match:
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
You cannot view cipher suites containing ECDSA ciphers on ssllabs. Because the signature algorithm of the SSL Certificate is RSA.
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256
K10340213: ECDSA ciphers not being shown at SSLabs test
https://my.f5.com/manage/s/article/K10340213- Martin182Sep 12, 2023Nimbostratus
Okay, thanks again.
I need to think about which configuration to apply, the ECDHE+AES-GCM option leaving only 2 cipher suites might be too restrictive as it is a service accessed by a large number of clients.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com