Forum Discussion
Martin182
Nimbostratus
NimbostratusCipher Suites Supported (12.1.5.3)
Hi, I am trying to adjust the SSL profile of a service to get grade A in SSL Labs. The machine the virtual server runs on is: --- Sys::Version Main Package Product BIG-IP Version 12.1.5.3 Buil...
Hi Martin182,
No new cipher suites have been added for versions 12.1.4 and 12.1.5.
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-4.html#asm_rn_new
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-5.html#rn_newYou can view all ciphers with the following command from cli.
tmm --clientciphers allYou can use the "!DHE:!DH" string to remove DHE and DH key exchange parameters from the cipher suite. Or you can use only "ECDHE+AES-GCM" cipher suite.
Just check your ssl config, there is a cyhper config hidden under a Basic/advanced filter in the profile that might not be fully locked down.
I had something very simular. in v14. and it was more on the ssl config than what was supported.
Martin182Nimbostratus
NimbostratusYou mean the cipher rules/groups?, they are not available on this version, I think the first one to implement them is v13.
O, sorry i started my f5 works at late v13 straight into v14 about 2 months later.
So it looks like its a feature that's appeared in that time!