For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

HetmanG's avatar
HetmanG
Icon for Nimbostratus rankNimbostratus
Jan 10, 2024

Enabling ECDHE-ECDSA Ciphers TMOS 15.1.10.x

Hello, To meet security requirements, I am attempting to enable TLS 1.3 as well as turn off insecure ciphers including CBC Ciphers and all other insecure Ciphers.  I built a Cipher Group which inclu...
application delivery
Michael_Saleem's avatar
Michael_Saleem
Icon for MVP rankMVP
Jan 10, 2024

Your NMAP scan will only show ECDSA ciphers if you have an ECDSA SSL certificate terminated on the VIP. I suspect that you are using an RSA SSL certificate, which is why you will only see RSA based ciphers.

  • whisperer's avatar
    whisperer
    Icon for MVP rankMVP
    Feb 08, 2024

    I would markMichael_Saleemreply as the solution here.

    ECDSA ciphers require that the server has an ECC certificate. It is likely that you have only a RSA certificate though (which is the common case), which means that ECDSA ciphers will not be supported even if they are configured.