Forum Discussion

crengifo_232216's avatar
crengifo_232216
Icon for Nimbostratus rankNimbostratus
Feb 01, 2018

Ciphers on profiles

Hi!

 

Maybe this is stupid question, but I need to know if a virtual server, with ssl server and client profiles, would have any issue if on the ssl client profile uses a particular cipher (let's say TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) and on the ssl server profile uses other cipher (also let's say TLS_RSA_WITH_AES_128_GCM_SHA256.)

 

On the client profile is using a cert issued by a CA, and the server (the real one) is using a self-signed cert (the server profile is ignoring this.) SSL renegotiation is disabled using iRule on the virtual server.

 

Thank you in advance.

 

  • There is no problem with that, actually is quite common. You can expose to the customer a strong clientssl profile where you enforce the most secure cipher string and in the server side as it may be consider a secure environment you can relax that policy by enforcing less consuming ciphers on your serverssl profile. Remember BIG-IP is a full proxy which means that client and server sides are different connections and that gives you a lot flexibility.