Dave_21103
Jul 16, 2014

Default SSL Cipher Suite Reorder

In 11.4.1, does anyone know the syntax of the Ciphers field if we want to reorder the DEFAULT order? The DEFAULT order is RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-CBC-SHA, ECDHE-RSA-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA. What is the syntax if we want to reorder to have RC4-SHA last and put the ECDHE suites first?

 

  • Hi,

    the syntax is like this:

    ECDHE:AES256:AES128:DES:RC4+RSA
    

    As for me, it's not a good idea to use weak ciphers like des* or rc4+rsa.

  • Thanks Vitaliy. This is an example of the TMSH syntax we used to successfully modify the existing DEFAULT setting:

    modify ltm profile client-ssl www.test.com { ciphers ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-SHA256:AES256-SHA:AES128-SHA256 }
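
The reordering asked about in this thread, as an added example that is not from any of the posters: it builds an explicit colon-separated value with ECDHE suites first and RC4 last, and audits an explicit list for RC4/DES suites and for ECDHE suites placed after non-ECDHE ones. It handles only explicit suite names as used in the thread, not keyword strings such as `ECDHE:AES256`; the function names `reorder` and `audit` are hypothetical.

```python
# Added example: reorder and audit an explicit, colon-separated cipher list.
# Suite names are copied from the posts in this thread; nothing here talks to a BIG-IP.
DEFAULT_ORDER = [
    "RC4-SHA", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA",
    "AES128-SHA256", "AES256-SHA256",
    "ECDHE-RSA-AES128-CBC-SHA", "ECDHE-RSA-AES256-CBC-SHA",
    "ECDHE-RSA-DES-CBC3-SHA",
]
WEAK_TOKENS = {"RC4", "DES"}  # the suites the reply calls weak (des*, rc4)


def is_weak(suite):
    """True if the suite name contains an RC4 or DES/3DES token."""
    return bool(WEAK_TOKENS & set(suite.upper().split("-")))


def tier(suite):
    """0 = ECDHE key exchange, 2 = RC4, 1 = everything else."""
    if suite.startswith("ECDHE-"):
        return 0
    return 2 if "RC4" in suite.split("-") else 1


def reorder(suites, drop_weak=False):
    """ECDHE first, RC4 last; sorted() is stable, so ties keep their input order."""
    kept = [s for s in suites if not (drop_weak and is_weak(s))]
    return ":".join(sorted(kept, key=tier))


def audit(cipher_string):
    """Findings for an explicit list: weak suites, ECDHE placed after non-ECDHE."""
    suites = [s for s in cipher_string.split(":") if s]
    findings = [f"weak suite: {s}" for s in suites if is_weak(s)]
    seen_non_ecdhe = False
    for s in suites:
        if tier(s) != 0:
            seen_non_ecdhe = True
        elif seen_non_ecdhe:
            findings.append(f"ECDHE suite after non-ECDHE: {s}")
    return findings


if __name__ == "__main__":
    print(reorder(DEFAULT_ORDER))                  # order asked for in the question
    print(reorder(DEFAULT_ORDER, drop_weak=True))  # same, without RC4/DES suites
    # The string from the last post in the thread:
    applied = ("ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:"
               "ECDHE-RSA-DES-CBC3-SHA:AES256-SHA256:AES256-SHA:AES128-SHA256")
    print(audit(applied))
```

Run against the string from the last post, the audit reports one remaining 3DES suite (`ECDHE-RSA-DES-CBC3-SHA`) and no ordering problems.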