cipher suites

Question

Trying to remediate the F5 management vulnerabilities. 
removal ofTLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
For tls1.0 and tls1.1&nbsp;
list /sys httpd ssl-ciphersuite
 Any guidance?&nbsp;
thanks&nbsp;

only1masterbla1 · Answer

You can remove specific suit or protocol like this: 
HIGH:!TLSv1_2!&nbsp;
&nbsp;For detail, go thru the following articles:&nbsp;
K17370: Configuring the cipher strength for SSL profiles (12.x - 13.x)
https://support.f5.com/csp/article/K17370&nbsp;
K13163: SSL ciphers supported on BIG-IP platforms (11.x - 13.x)
https://support.f5.com/csp/article/K13163&nbsp;

only1masterbla1 · Answer

You may try something like this and check the resultant list:
tmm --clientciphers 'HIGH:!TLSv1_1:!TLSv1:!DTLSv1:!sslv3'&nbsp;

Forum Discussion

cipher suites

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

Cipher Suite Practices and Pitfalls

Cipher Suites Supported (12.1.5.3)

Disabling Specific Weak Cipher Suites

Cipher suite mismatch advertisement/warning

SSL Profiles Part 4: Cipher Suites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS