For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Johnde's avatar
Johnde
Icon for Cirrus rankCirrus
Apr 01, 2020
Solved

Ciphers for restricting traffic to TLS1.2

Hello team,

 

We want to disable all the lower TLS/SSL versions like SSLv3, TLS1.0 and TLS1.2 under client SSL profiles. I know i can easily do it through options list by enabling no SSLv3 etc. I know we can also achieve it using ciphers. I am looking for that Cipher string.

 

Does anyone have it? Please share it.

 

Thank you

BIG-IP
LTM
security
ssl
  • Mayur_Sutare's avatar
    Mayur_Sutare
    Apr 01, 2020

    Please try below string.

     

    ALL:!DHE:!ADH:!EXPORT:!SSLv2:!EXPORT40:!EXP:!LOW:!RC4:!SSLv3:!MEDIUM:!3DES:!RSA:!TLSv1:!TLSv1_1

     

    I've used this in my setup and it is working as expected. Hope it helps you too.

     

    Mayur

2 Replies

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Apr 01, 2020

    Please try below string.

     

    ALL:!DHE:!ADH:!EXPORT:!SSLv2:!EXPORT40:!EXP:!LOW:!RC4:!SSLv3:!MEDIUM:!3DES:!RSA:!TLSv1:!TLSv1_1

     

    I've used this in my setup and it is working as expected. Hope it helps you too.

     

    Mayur

    • Johnde's avatar
      Johnde
      Icon for Cirrus rankCirrus
      Apr 01, 2020

      It worked as per expectations man. Thanks a lot!