Forum Discussion
Disable DHE Ciphers - SSL Parent Profile
I'm currently running 11.6.0 on most of my devices and am looking to upgrade passed version 12.0 in the near future. Looking at the iHealth Upgrade Advisor, I need to disable DHE ciphers on all of my Server SSL Profiles before upgrading.
I added DEFAULT:!EXPORT:!DHE to one of my Server SSL Profiles and it is no longer getting flagged in iHealth. Can I add that string to the Server SSL parent profile, or do I have to add that to each profile individually? Will updating the parent profile have any adverse effects on my other profiles, or would the Cipher settings be the only thing that changes?
- Simon_BlakelyEmployee
F5 recommends that you do not modify a default profile (like the serverssl profile).
What you should do is create a new site-default server-ssl profile, and change the Parent Profile on all your existing server-ssl profiles to this new site-default profile.
Then (in future) is you need to modify a setting on all your server-ssl profiles, you can make that change on your site-default profile and pass it to all the child profiles.
You can override an inherited option in a child profile by setting the custom checkbox for a specific option.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com