Forum Discussion

Nimbostratus

Jan 10, 2024

Enabling ECDHE-ECDSA Ciphers TMOS 15.1.10.x

Hello, To meet security requirements, I am attempting to enable TLS 1.3 as well as turn off insecure ciphers including CBC Ciphers and all other insecure Ciphers. I built a Cipher Group which inclu...

application delivery

Michael_Saleem

MVP

Your NMAP scan will only show ECDSA ciphers if you have an ECDSA SSL certificate terminated on the VIP. I suspect that you are using an RSA SSL certificate, which is why you will only see RSA based ciphers.

whisperer

MVP

Feb 08, 2024

I would markMichael_Saleemreply as the solution here.

ECDSA ciphers require that the server has an ECC certificate. It is likely that you have only a RSA certificate though (which is the common case), which means that ECDSA ciphers will not be supported even if they are configured.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Enabling ECDHE-ECDSA Ciphers TMOS 15.1.10.x

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Enable SAML Service Provider on F5 Distributed Cloud Application

Enabling F5 Distributed Cloud Fraud and Risk Solutions with ForgeRock Connector

Enable telnet on SSH

enable WebSocket profile.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS