Custom cihper suite for ClientSSL Profile

Question

Hello Folks,
I want to use a custom set of ciphers in my ClientSSL Profile. I have gone through the document of F5, how can disallow ciphers by putting !
However I have a requirement that I need to use only 2 cipher suites such as AES128-SHA256 &amp; AES256-SHA256 and rest should be deny. How can I deny remaining cipher suites by allowing only the required one?
Any help is appreciated.
Cheers!
Darshan

nitass · Answer

e.g.
[root@ve11a:Active:In Sync] tmp  tmm --clientcipher aes128-sha256:aes256-sha256:@strength
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
 1:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA

vitaliy_savrans · Answer

or from GUI
Local Traffic  ››  Profiles &gt;&gt; SSL &gt;&gt; Client &gt;&gt; Profile_Name (advance mode)&gt;&gt; Ciphers
aes256-sha256:aes128-sha256

system will promt ciphers in order to input string at first aes256 then aes128

vitaliy_savrans · Answer

nice tool to test ssl configuration https://www.ssllabs.com/ssltest/

swo0sh_gt_13163 · Answer

Would this disable other ciphers suites from being used?&nbsp;

swo0sh_gt_13163 · Answer

Also, will it be any downfall?&nbsp;

Forum Discussion

Custom cihper suite for ClientSSL Profile

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

limit to number of clientssl profiles

Make a copy of all existing clientssl profiles requiring TLS1.2

BASH Script to find ClientSSL's mapped to Virtual Servers

CLIENTSSL - iRule

Update your DevCentral user profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS