Forum Discussion
NimbostratusEdge Client Cipher Suite
When a SSL client profile is created, you have the ability to define the ciphers that you want the client to be able to use. The DEFAULT suite uses TLS 1.0, 1.1 and 1.2.
On my workstation (Control Panel; Internet Options; Advanced) I configured the internet properties to only allow TLS 1.0, however the Edge client connected using TLS 1.2
Would this imply that the Cipher Suite available to the Edge Client is built-in to the software as opposed to using what is supported by Windows?
Thanks
APM 11.5.1 latest Edge Client
3 Replies
Steve_M__153836Each browser is going to have its own cipher suite preference. Someone else posted this link in a thread I can't remember, but it will tell you what your browser's cipher suite order is: https://cc.dcsec.uni-hannover.de/. Changing something in Windows might override IE from a client perspective, or customize what IIS will present. However, each browser is going to have its own cipher suite order. I think modern browsers will also always try TLS 1.2 first, but I'm not sure about that.
David_G__33241My question is about connecting with the Edge Client. The DEFAULT Cipher Suite supports TLS only. If I disable TLS 1.0, 1.1 and 1.2 in Windows I am unable to establish a connection to the Big-ip using the Edge client - this would imply that the Edge client leverages the Windows security configuration. However, if I enable TLS 1.0 in Windows, then the Edge client DOES connect and it reports the protocol as being TLS 1.2 - this would imply that the cipher suite is built-in the Edge client. I'm trying to understand the mechanics of this...- Steve_M__153836Couln't find much documentation for this, but you could try turning on verbose logging for the client and see if you get anything useful in the logs. http://support.f5.com/kb/en-us/solutions/public/12000/600/sol12639.html?sr=45847447
