Ciphers and F5

Question

We have recently been doing a lot of auditing which includes choosing TLS and ciphers that meet the criteria of our security team. I have a handle on the TLS but do I need to specific ciphers? If I am on the latest, or recent code, does F5 still hand out weak ciphers? If so, how to I identify what I should be allowing and how to nail it down to those? This isnt one of my strong areas, so I have been looking at all the articles online. But I am not sure what is safe and what isnt.

Jim

dario_garrido · Answer

Hello.&nbsp;This article will clarify all your doubtshttps://devcentral.f5.com/s/feed/0D51T00006aEjM9SAK&nbsp;Let me know if not.&nbsp;KR,Dario.

dario_garrido · Answer

BTW, that's the platform for testing your serverhttps://www.ssllabs.com/ssltest/&nbsp;Here there is some extra infohttps://devcentral.f5.com/s/feed/0D51T00006i7gqcSAA

jwlarger · Answer

It is a deep rabbit hole to dive down. I recommend https://devcentral.f5.com/s/articles/cipher-suite-practices-and-pitfalls-25564&nbsp;There are also several good lightboard lessons.

Forum Discussion

Ciphers and F5

Recent Discussions

UCS backup not loading Big IP DNS pool

Application only need to access from 2 uris

XC Bot defense question

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

BIG-IP Oauth Client and AS

Related Content

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Cipher Suites Supported (12.1.5.3)

Disabling Specific Weak Cipher Suites

Cipher suite mismatch advertisement/warning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS