For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vikram_23_27012's avatar
Vikram_23_27012
Icon for Nimbostratus rankNimbostratus
Oct 24, 2018

disable CBC cipher

Hi guys,   I tried to disable below cipher (customer requirement): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   even though I verified from cli that the configu...
application delivery
BIG-IP
LTM
Vikram_23_27012's avatar
Vikram_23_27012
Icon for Nimbostratus rankNimbostratus
Oct 25, 2018

I verified from below cmd:

tmm --clientciphers 'DEFAULT:!AES:!SHA:!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:ECDHE+AES-GCM:ECDHE+AES:-MD5:-SSLv3:-RC4:@STRENGTH:!SHA:!RSA+AES:!RSA:!AES128-CBC'

   ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX

0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA

1: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA

2: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA

3: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA

the particular string is applied on the ssl profile

DEFAULT:!AES:!SHA:!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:ECDHE+AES-GCM:ECDHE+AES:-MD5:-SSLv3:-RC4:@STRENGTH:!SHA:!RSA+AES:!RSA:!AES128-CBC

and bound to the VIP