Forum Discussion

Altostratus

Apr 05, 2023

Solved

Disabling Weak Ciphers

Hi Experts, We've been asked to disable the weak ciphers in F5 (12.1.2). Would like to seek help in getting the relevant ciphers disabled. Currently, it's configured as DEFAULT in SSL profiles. Sha...

application delivery

security

CA_Valli
Apr 17, 2023
I'm running v15.1.8 and the following matches.

DEFAULT:!TLSv1:!TLSv1_1:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256

I built it starting from DEFAULT:!TLSv1:!TLSv1_1 and excluding explicitly the suites from your comment that still were in the list. (I noticed there was 3 repetitions; also EDH-RSA-DES-CBC3-SHA did not show up in cipher rule so there was no need to specify it)

Sri_Narasimha_11

Altostratus

Apr 16, 2023

Hi CA_Valli

Sorry for the late reply. I've no issues in getting the supported cipher info via CLI (as provided above) but when I try to configure the below ciphers suites (Local Traffic -> Ciphers -> New Cipher Rule), I'm getting 'Cipher String is Invalid' error.

DEFAULT:!TLSv1:!TLSv1_1:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!EDH-RSA-DES-CBC3-SHA:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!EDH-RSA-DES-CBC3-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!EDH-RSA-DES-CBC3-SHA

Am I missing something? Can you please advise?

CA_Valli

MVP

Apr 17, 2023

I'm running v15.1.8 and the following matches.

DEFAULT:!TLSv1:!TLSv1_1:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256

I built it starting from DEFAULT:!TLSv1:!TLSv1_1 and excluding explicitly the suites from your comment that still were in the list. (I noticed there was 3 repetitions; also EDH-RSA-DES-CBC3-SHA did not show up in cipher rule so there was no need to specify it)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Disabling Weak Ciphers

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Disabling Specific Weak Cipher Suites

How to disable weak cipher from Client SSL Profile

Disable below cipher

Disabling Ciphers

Lightboard Lessons: Choosing Strong vs Weak Ciphers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS