Exact syntax for SSL ciphers

Question

Hi,&nbsp;
Trying to help a coworker with an SSL Client profile request with custom ciphers.
So far I have been able to see the ciphers supported on F5 but not the exact syntax when you configure them.&nbsp;
I checked the TMSH manual and did some searching on KB but all i find are strengths of ciphers and so on - nothing on the way the ciphers have to be written (i.e : TLS1.2 is TLSv_1.2)&nbsp;
Apologies in advance if I missed something obvious.&nbsp;

iainthomson85_1 · Answer

The best thing to do - is view the ciphers that are currently in use via CLI.&nbsp;
How its displayed in the CLI (Bash) is how it should be put into the Client SSL Profile (I'm assuming that's where you want to disable them)&nbsp;
Alternatively the Client SSL profile also gives you options to do things the easy way like "Disable all SSL Ciphers" under the options section...&nbsp;

alin_olar_24603 · Answer

The Problem is i want to add ciphers , not remove them.
Hence the issue with knowing the syntax.&nbsp;

iainthomson85_1 · Answer

What Cipher do you want to use ? 
Ciphers are included in the version of OpenSSL that the BigIP is running.&nbsp;

alin_olar_24603 · Answer

This is what the request looks like :&nbsp;
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'&nbsp;
SSLProtocol -ALL +TLSv1.1 +TLSv1.2&nbsp;

Forum Discussion

Exact syntax for SSL ciphers

4 Replies

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Query on source IP preservation for syslog traffic through F5 virtual server

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS