Ciphers on profiles

Question

Hi!&nbsp;
Maybe this is stupid question, but I need to know if a virtual server, with ssl server and client profiles, would have any issue if on the ssl client profile uses a particular cipher (let's say TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) and on the ssl server profile uses other cipher (also let's say TLS_RSA_WITH_AES_128_GCM_SHA256.)&nbsp;
On the client profile is using a cert issued by a CA, and the server (the real one) is using a self-signed cert (the server profile is ignoring this.) SSL renegotiation is disabled using iRule on the virtual server.&nbsp;
Thank you in advance.&nbsp;

daniel_varela · Answer

There is no problem with that, actually is quite common. You can expose to the customer a strong clientssl profile where you enforce the most secure cipher string and in the server side as it may be consider a secure environment you can relax that policy by enforcing less consuming ciphers on your serverssl profile. Remember BIG-IP is a full proxy which means that client and server sides are different connections and that gives you a lot flexibility.

Forum Discussion

Ciphers on profiles

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

SSL Profiles Part 4: Cipher Suites

Cipher Suites Supported (12.1.5.3)

Cipher Suite Practices and Pitfalls

TMOS script for updating SSL profile cipher group and TLS versions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS