Forum Discussion
Default SSL Cipher Suite Reorder
In 11.4.1, does anyone know the syntax of the Ciphers field if we want to reorder the DEFAULT order? The DEFAULT order is RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-CBC-SHA, ECDHE-RSA-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA. What is the syntax if want to reorder to have RC4-SHA last and put the ECDHE suites first?
Hi,
the syntax is like this:
ECDHE:AES256:AES128:DES:RC4+RSA
as for me it's not a good idea to use weak ciphers like des* or rc4+rsa
- Vitaliy_SavransNacreous
Hi,
the syntax is like this:
ECDHE:AES256:AES128:DES:RC4+RSA
as for me it's not a good idea to use weak ciphers like des* or rc4+rsa
- Dave_21103Nimbostratus
Thanks Vitaliy. This is an example of the TMSH syntax we used to successfully modify the existing DEFAULT setting: modify ltm profile client-ssl www.test.com { ciphers ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-SHA256:AES256-SHA:AES128-SHA256 }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com