Forum Discussion
Danny_Arroyo
Cirrus
CirrusEnabling "Honor Cipher Order" on F5 LTM v12.X
Our SSL sites are receiving F's on ssllabs. The main reason is that we are vulnerable to the ROBOT vulnerability (We are upgrading from 12.1.1 to 12.1.3.4 tonight).
However another issue we ...
Danny_ArroyoCirrus
CirrusThanks for the information Boneyard. I did read through those links before opening this discussion. However, I'm still not clear on how to create my own cipher suite.
I am looking to create a custom "DEFAULT" cipher suite, lets say "MYDEFAULT". So that I can use it in all my client and/or ssl Profiles.
Does anyone have any information on how to do this?
Or how can I add the following ciphers to a client ssl profile while keeping the order:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
Any Help is appreciated