Forum Discussion

Nimbostratus

Oct 24, 2018

disable CBC cipher

Hi guys, I tried to disable below cipher (customer requirement): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 even though I verified from cli that the configu...

Employee

Oct 25, 2018

A few thoughts.

It might be an anomalous indication. You could actually test for CBC support with a cURL request using a CBC cipher (only).
Given that you're specifying a very small, specific set of ciphers, it might be easier to simply list these in the cipher string:
```
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
```

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

disable CBC cipher

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 BIG IP laboratory license

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Disable below cipher

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites

CBC ciphers in relation to RFC7366 Encrypt-then-MAC

Disabling Ciphers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS