Forum Discussion

Nimbostratus

Sep 12, 2023

Solved

Cipher Suites Supported (12.1.5.3)

Hi, I am trying to adjust the SSL profile of a service to get grade A in SSL Labs. The machine the virtual server runs on is: --- Sys::Version Main Package Product BIG-IP Version 12.1.5.3 Buil...

security

Enes_Afsin_Al
Sep 12, 2023
Hi Martin182,

No new cipher suites have been added for versions 12.1.4 and 12.1.5.

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-4.html#asm_rn_new
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-12-1-5.html#rn_new

You can view all ciphers with the following command from cli.

tmm --clientciphers all

You can use the "!DHE:!DH" string to remove DHE and DH key exchange parameters from the cipher suite. Or you can use only "ECDHE+AES-GCM" cipher suite.

PSFletchTheTek

MVP

Just check your ssl config, there is a cyhper config hidden under a Basic/advanced filter in the profile that might not be fully locked down.

I had something very simular. in v14. and it was more on the ssl config than what was supported.

Martin182

Nimbostratus

Sep 13, 2023

You mean the cipher rules/groups?, they are not available on this version, I think the first one to implement them is v13.

PSFletchTheTek
MVP
Sep 14, 2023
O, sorry i started my f5 works at late v13 straight into v14 about 2 months later.
So it looks like its a feature that's appeared in that time!

Forum Discussion

Cipher Suites Supported (12.1.5.3)

Recent Discussions

iRule resulting in too many redirects

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

cat and grep command for rst messages

iControl for Gtm wideip

Telemetry streaming to Elasticsearch

Related Content

Cipher Suite Practices and Pitfalls

Support and Help for DevCentral and Offline Contact

LTM Cipher rule

Cipher suite mismatch advertisement/warning

Disabling Weak Ciphers