Example cipher suite needed...

Question

I am running a box in our lab that is running 11.5.3. We have some very old Vista clients that need to access to two SSL VIPs.  I need to use a cipher string that will support these ciphers below. I assume it will require use of the COMPAT stack.&nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA&nbsp;
Can some provide an example of a cipher string that will support these AES_128 and RC4 ciphers?  I know this opens me up to vulnerabilities but I have no choice.&nbsp;
Thank you,&nbsp;

hannes_rapp · Answer

I don't think you will need RC4. If you can test, give a try to ALL:!EXPORT:!RC4:!DES:!ADH:!EDH:!SSLv3
-This SSL/TLS config also complies with PCI DSS 3.0 (Enforced till the end of June 2016)
Although the string above qualifies for grade A in Qualys SSL labs, it's not perfect from a security standpoint. Windows Vista and XP clients on IE8 and newer can connect using TLS1.0 in combination with CBC.

Forum Discussion

Example cipher suite needed...

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

AWS F5_OWASP Managed Rule Blocking requests

F5OS VLAN naming length restrictions

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Related Content

APM variable assign examples

APM Advanced Customization Examples with Modern Template, v15.1+

Cipher Suite Practices and Pitfalls

APM-DHCP Access Policy Example and Detailed Instructions

Time based iRule example

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS