Forum Discussion
AltostratusCustom cihper suite for ClientSSL Profile
Hello Folks,
I want to use a custom set of ciphers in my ClientSSL Profile. I have gone through the document of F5, how can disallow ciphers by putting
!However I have a requirement that I need to use only 2 cipher suites such as
AES128-SHA256 & AES256-SHA256Any help is appreciated.
Cheers! Darshan
8 Replies
- nitass
Employee
e.g.
[root@ve11a:Active:In Sync] tmp tmm --clientcipher aes128-sha256:aes256-sha256:@strength ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 1: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 
Vitaliy_SavransNacreous
or from GUI
Local Traffic ›› Profiles >> SSL >> Client >> Profile_Name (advance mode)>> Ciphers aes256-sha256:aes128-sha256system will promt ciphers in order to input string at first aes256 then aes128
- Vitaliy_Savransnice tool to test ssl configuration https://www.ssllabs.com/ssltest/
swo0sh_gt_13163Would this disable other ciphers suites from being used?
- swo0sh_gt_13163
Also, will it be any downfall?
EmadCirrostratus
If implemented, LTM will only Do SSL handshake with these ciphers,
- swo0sh_gt_13163
Thank you all! Much much appreciated!!
- swo0sh_gt_13163
Thank you all! It worked exactly as expected.
For internal test, I have used wireshark and verified the server side cipher suite.
For external test, as suggested above, sslabs is always helpful.
Thank you again,
