Forum Discussion

Dave_21103's avatar
Dave_21103
Icon for Nimbostratus rankNimbostratus
Jul 16, 2014

Default SSL Cipher Suite Reorder

In 11.4.1, does anyone know the syntax of the Ciphers field if we want to reorder the DEFAULT order? The DEFAULT order is RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-CBC-SHA, ECDHE-RSA-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA. What is the syntax if want to reorder to have RC4-SHA last and put the ECDHE suites first?

 

custom cipher
design
  • Vitaliy_Savrans's avatar
    Vitaliy_Savrans
    Jul 16, 2014

    Hi,

    the syntax is like this:

    ECDHE:AES256:AES128:DES:RC4+RSA

    as for me it's not a good idea to use weak ciphers like des* or rc4+rsa

  • Dave_21103's avatar
    Dave_21103
    Icon for Nimbostratus rankNimbostratus
    Jul 24, 2014

    Thanks Vitaliy. This is an example of the TMSH syntax we used to successfully modify the existing DEFAULT setting: modify ltm profile client-ssl www.test.com { ciphers ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-SHA256:AES256-SHA:AES128-SHA256 }

     

  • Vitaliy_Savrans's avatar
    Vitaliy_Savrans
    Icon for Nacreous rankNacreous
    Jul 16, 2014

    Hi,

    the syntax is like this:

    ECDHE:AES256:AES128:DES:RC4+RSA

    as for me it's not a good idea to use weak ciphers like des* or rc4+rsa