Equivalent to SSLHonorCipherOrder on F5 LTM

Question

Hi,&nbsp;
I aim wondering whether there is an equivalent setting for the F5 LTM Load balancing for 
SSLHonorCipherOrder&nbsp;
http://httpd.apache.org/docs/2.2/mod/mod_ssl.htmlsslhonorcipherorder&nbsp;
"
SSLHonorCipherOrder&nbsp;
When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead."&nbsp;
Is this an option, or is the Server's cipher preference order the default?&nbsp;
Thanks&nbsp;

brad_parker · Answer

I believe F5 will choose the first matched cipher in the defined cipher suite that matches the highest level of encryption the client supports in the hello. This is why you can specify @strength, @speed, or your own ordering to beat fit your needs of strength versus SSL TPS. https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html

brad_parker · Answer

There actually is an option that is equivalent, its called "Cipher server preference", and can be set in the client_ssl via the options list. This applies for clients that can only negotiate SSLv3/TLS1.

Forum Discussion

Equivalent to SSLHonorCipherOrder on F5 LTM

2 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

rSeries Configuration Backup

Questions on Migrating configs from iSeries to RSeries F5s

AST Configuration help

reading Client SSL Profile details via Ansible

Raise your hand if you'll be at AppWorld 2026

Related Content

The State Of HTTP/2 With F5 LTM

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

TMSH equivalent command for virtual count

Load Balancing Omnissa Unified Access Gateway with BIG-IP LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS