Forum Discussion
mc1903_137193
Sep 25, 2015, Nimbostratus
Client SSL Profile Cipher...Disable DES-CBC3-SHA.
One of my sites has just been penetration tested and a low risk was identified.
The following weak ciphers were supported
Testing SSL server mysite.fqdn on port 443
Supported Server Cipher(s):
...
MVA
Sep 25, 2015, Nimbostratus
You can disable it in the client-ssl profile specific to the VIP, or at the parent client-ssl profile, by adding "!DES-CBC3-SHA" in the Ciphers section, i.e., "DEFAULT;!DES-CBC3-SHA". Then re-scan to confirm it's disabled, or check via openssl: "openssl s_client -cipher 'DES-CBC3-SHA' -connect %IP%:443"
Hope that helps.
- mc1903_137193, Sep 25, 2015, Nimbostratus:
  Thank you Mel. I have just tried your suggestion and I get the following error when I press update:
  01070312:3: Invalid keyword 'des-cbc3-sha' in ciphers list for profile /Common/mysite-fqdn_client_ssl_profile
  Any thoughts what I have done wrong?
  Martin
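
The openssl check suggested in the reply above, wrapped as a small script (an added example, not part of the original thread; the function names and sample transcripts are constructed). A completed handshake only proves the cipher is enabled if the negotiated cipher is the one requested, so the script reads the cipher from s_client's summary line and first confirms that the local openssl build can offer it.

```sh
#!/bin/sh
# Added example; function names and sample transcripts are constructed.

# Print the cipher from s_client's "New, <proto>, Cipher is <name>" line.
negotiated_cipher() {
    sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1
}

# Classify an s_client transcript (stdin) for the cipher named in $1:
#   enabled      - that exact cipher was negotiated
#   disabled     - the handshake was refused, so no cipher was agreed
#   inconclusive - no summary line, or a different cipher was chosen
#                  (e.g. a TLS 1.3 suite, which -cipher does not restrict)
cipher_state() {
    got=$(negotiated_cipher)
    case "$got" in
        "")       echo inconclusive ;;
        "(NONE)") echo disabled ;;
        "$1")     echo enabled ;;
        *)        echo inconclusive ;;
    esac
}

# check_cipher HOST:PORT CIPHER - run the probe and classify the result.
check_cipher() {
    # If the local openssl build lacks the cipher it cannot offer it, and a
    # failed handshake would then say nothing about the server.
    if ! openssl ciphers "$2" >/dev/null 2>&1; then
        echo client-unsupported
        return 2
    fi
    # On OpenSSL 1.1.1 or later, adding -no_tls1_3 avoids "inconclusive".
    openssl s_client -cipher "$2" -connect "$1" </dev/null 2>&1 |
        cipher_state "$2"
}

# Constructed transcripts (trimmed) for offline use.
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
    Cipher    : DES-CBC3-SHA'
SAMPLE_REFUSED='CONNECTED(00000003)
New, (NONE), Cipher is (NONE)
    Cipher    : 0000'

# Usage: check_cipher mysite.fqdn:443 DES-CBC3-SHA
#        printf '%s\n' "$SAMPLE_REFUSED" | cipher_state DES-CBC3-SHA
```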