Forum Discussion

Nimbostratus

Jan 10, 2024

Enabling ECDHE-ECDSA Ciphers TMOS 15.1.10.x

Hello, To meet security requirements, I am attempting to enable TLS 1.3 as well as turn off insecure ciphers including CBC Ciphers and all other insecure Ciphers. I built a Cipher Group which inclu...

application delivery

Michael_Saleem

MVP

Jan 10, 2024

Your NMAP scan will only show ECDSA ciphers if you have an ECDSA SSL certificate terminated on the VIP. I suspect that you are using an RSA SSL certificate, which is why you will only see RSA based ciphers.

whisperer

MVP

Feb 08, 2024

I would markMichael_Saleemreply as the solution here.

ECDSA ciphers require that the server has an ECC certificate. It is likely that you have only a RSA certificate though (which is the common case), which means that ECDSA ciphers will not be supported even if they are configured.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Enabling ECDHE-ECDSA Ciphers TMOS 15.1.10.x

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

AST Configuration Assistance

Identify which virtual servers are using a specific SSL certificate

APM VPN LDAP POOL can't contact ldap server.

Users account sessions mixed up..

Related Content

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

Meeting the Federal Quantum Challenge: How F5 Enables Compliance with New Government Mandates

enable WebSocket profile.

Enable SAML Service Provider on F5 Distributed Cloud Application

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS