Forum Discussion
AltostratusConfigure for legacy SSL cipher suite
LTM & ASM provisioned
Since the upgrade from 12.1.2 to 13.1.0.4 one of my customers has not been able to access their app.
The customer is using XP and Internet Explorer 8. When the upgrade happened, there was an adjustment of the types of ciphers used and some were taken off. One of the ones taken off used a 128 bit cipher suite and we would need a process of elimination to find out which one .. which isnt the problem. As the application, operating system needed and browser used are all legacy software, I am struggling to come up with options on how to add the missing cipher.
Any suggestions would be gratefully received.
1 Reply
natheCirrocumulus
Duncan,
What's your current client ssl configuration for the VIP (I assume this didn't change during the upgrade)? From this URL Wikipedia WXP and IE 8 only supports TLS 1.0, 3DES and RC4. In the "Default" SSL profiles in v12 there was a 3DES cipher, but this is no longer present in the "Default" profile for v13.
Once you've found the ciphers you need you would follow this link Configuring the cipher strength for SSL profiles to create the cipher string. For example, if you were using the default clientssl profile, then creating a new, custom, clientssl profile and amending the string to be 'DEFAULT:3DES:!ADH:!EXP:!SSLv3:!LOW' would add 3DES support. Would advise to be cautious though when adding less secure ciphers.
Hope this helps,
N
