Forum Discussion
Sri_Narasimha_11
Altostratus
AltostratusDisabling Weak Ciphers
Hi Experts, We've been asked to disable the weak ciphers in F5 (12.1.2). Would like to seek help in getting the relevant ciphers disabled. Currently, it's configured as DEFAULT in SSL profiles. Sha...
I'm running v15.1.8 and the following matches.
DEFAULT:!TLSv1:!TLSv1_1:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256I built it starting from DEFAULT:!TLSv1:!TLSv1_1 and excluding explicitly the suites from your comment that still were in the list. (I noticed there was 3 repetitions; also EDH-RSA-DES-CBC3-SHA did not show up in cipher rule so there was no need to specify it)
Sri_Narasimha_11Altostratus
AltostratusHi CA_Valli
Sorry for the late reply. I've no issues in getting the supported cipher info via CLI (as provided above) but when I try to configure the below ciphers suites (Local Traffic -> Ciphers -> New Cipher Rule), I'm getting 'Cipher String is Invalid' error.
DEFAULT:!TLSv1:!TLSv1_1:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!EDH-RSA-DES-CBC3-SHA:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!EDH-RSA-DES-CBC3-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!EDH-RSA-DES-CBC3-SHA
Am I missing something? Can you please advise?
CA_Valli
MVP
MVPI'm running v15.1.8 and the following matches.
DEFAULT:!TLSv1:!TLSv1_1:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256
I built it starting from DEFAULT:!TLSv1:!TLSv1_1 and excluding explicitly the suites from your comment that still were in the list. (I noticed there was 3 repetitions; also EDH-RSA-DES-CBC3-SHA did not show up in cipher rule so there was no need to specify it)