Enabling "Honor Cipher Order" on F5 LTM v12.X
Forgive my lack of knowledge in this area. I have gained a much better understanding of how these ciphers work in the F5 and in general by reading through these links. Also, I did find the F5 documentation that said "CHACHA" was not supported. Thanks again for the info.
But let me explain another way. Our Director of Security wants me to allow only the following ciphers, in this order:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
The reason is that when we test with SSL Labs, it shows our ciphers are in order from weakest to strongest. He wants it to be reversed (as in the list above).
Are you saying that I can add that list to any of my client_ssl profiles (under Ciphers)? If so, can I do something like ":DEFAULT"?
I'm testing by using the 'tmm --clientciphers (high|native|default)' command with the @strength added (and other options), but I can never get the list to come out in the order on the list above.
I'm not getting any errors; the issue is that the order of my ciphers doesn't match the list above. I'm starting to believe that this can't be done.
Thanks again.
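An added example, not part of the original post: it checks whether a strength sort can ever yield the order requested above. It assumes `@STRENGTH` orders suites by cipher key size (as OpenSSL documents for its own keyword) and that 3DES counts as 168 bits; the function names are hypothetical.

```python
import re

# Cipher string copied from the post; whitespace is only for line wrapping.
REQUESTED = "".join("""
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:
ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:
AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
""".split())

def parse(cipher_string):
    """Return suite names in listed order, skipping !exclusions and @keywords."""
    parts = [p for p in cipher_string.split(":") if p]
    return [p for p in parts if p[0] not in "!-+@"]

def key_bits(name):
    """Key size inferred from the suite name (assumption: 3DES = 168 bits)."""
    m = re.search(r"AES(128|256)", name)
    if m:
        return int(m.group(1))
    if "DES-CBC3" in name:
        return 168
    raise ValueError(f"unknown cipher in suite name: {name}")

def strength_sorted(names):
    """Stable sort, largest key first: the assumed effect of @STRENGTH."""
    return sorted(names, key=lambda n: -key_bits(n))

def first_divergence(wanted, observed):
    """Return (index, wanted, observed) at the first mismatch, or None."""
    for i, (w, o) in enumerate(zip(wanted, observed)):
        if w != o:
            return (i, w, o)
    if len(wanted) != len(observed):
        return (min(len(wanted), len(observed)), None, None)
    return None

if __name__ == "__main__":
    wanted = parse(REQUESTED)
    print(first_divergence(wanted, strength_sorted(wanted)))
```

Because the requested list interleaves AES128 and AES256 suites, any strength sort moves every AES256 suite ahead of the AES128 ones, so the two orders diverge at the first entry. `first_divergence` can also be fed the suite names taken from the `tmm --clientciphers` output to find where a profile's actual order departs from the requested one.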