Forum Discussion
Custom cipher suite
Have you reviewed the SSL Everywhere Recommended Practices Guide? https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdf
- edmonaft_351139 (Nimbostratus), Feb 07, 2018
I've reviewed it. I just want to confirm the validity of this document against the current SSL recommendations, as it was published back in 2015.
- BAMcHenry (Ret. Employee), Feb 07, 2018
The SSL Labs list of ciphers to include and the order of priority is certainly the most accurate and updated.
DEFAULT is set to the best balance of security and performance at the time of a given release. DEFAULT is updated with each release of TMOS. The Recommended Practices Guide covers how to customize the cipher string to meet updated standards as indicated by SSL Labs or other standards-setting bodies.
Please check the section "Fine-Tuning Data Protection" starting on page 8 on how to build a cipher string to create the list of ciphers in your original post.
- edmonaft_351139 (Nimbostratus), Feb 23, 2018
Based on the instructions, I see that it requires me to access the F5 via SSH to enter these commands. I wonder if there's a way to do it via the GUI? I am not too comfortable doing this via SSH.
- edmonaft_351139 (Nimbostratus), Feb 23, 2018
Also, the exact instruction looks to be vague. BTW, as a reference, my F5 is currently running under 12.1.2 HF2.
- edmonaft_351139 (Nimbostratus), Feb 23, 2018
BTW, I tried the one mentioned in the instruction stating:
The DEFAULT cipher string included in BIG-IP version 12.0 will yield a B grade but offers full hardware acceleration. To get that coveted A+ grade, an administrator would need to have a fairly restrictive cipher list. For example “!SSLv3:!DHE:ECDHE:RSA+HIGH” will get an A grade on SSL labs but would require every user to have a very recent browser.
However, the result gave me a Grade C rating.
