Forum Discussion
F5 ciphersuite syntax
Greetings,
I parsed through the responses and don't see that anyone's mentioned this yet, apologies if this has already been mentioned:
Note: When you use the ! symbol preceding a cipher, the SSL profile permanently removes the cipher from the cipher list, even if it is explicitly stated later in the cipher string. When you use the - symbol preceding a cipher, the SSL profile removes the cipher from the cipher list, but it can be added back to the cipher list if there are later options that allow it. For more information about building and viewing custom cipher lists, refer to K15194: Overview of the BIG-IP SSL/TLS cipher suite.
https://support.f5.com/csp/article/K13171
Hope this is helpful, thank you!
Kevin
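Added example, not part of the post above and not F5's code: a simplified Python model of the two operators in the quoted note, showing why a cipher removed with `-` can return later in the string while one removed with `!` cannot. The catalogue, tag names and function names are constructed assumptions, and the model covers only `!`, `-` and plain tokens, not the device's protocol keywords or ordering rules.

```python
# Simplified model of the "!" and "-" operators described in the quoted note.
# Not F5's implementation. CATALOGUE is constructed sample data: name -> tags.
CATALOGUE = {
    "AES128-SHA": {"AES", "SHA"},
    "AES256-SHA": {"AES", "SHA"},
    "RC4-SHA": {"RC4", "SHA"},
    "RC4-MD5": {"RC4", "MD5"},
    "DES-CBC3-SHA": {"3DES", "SHA"},
}

def matches(keyword):
    """Ciphers selected by a keyword: ALL, an exact name, or a tag."""
    if keyword == "ALL":
        return list(CATALOGUE)
    return [n for n, tags in CATALOGUE.items() if keyword == n or keyword in tags]

def evaluate(cipher_string):
    """Apply tokens left to right and return the resulting cipher list."""
    active, banned = [], set()
    for token in filter(None, cipher_string.split(":")):
        if token[0] in "!-":
            hit = set(matches(token[1:]))
            active = [c for c in active if c not in hit]
            if token[0] == "!":
                banned |= hit   # permanent: later tokens cannot re-add these
        else:
            for c in matches(token):
                if c not in banned and c not in active:
                    active.append(c)
    return active

def weak_survivors(cipher_string, weak=("RC4", "MD5")):
    """Audit helper: weak ciphers still present after the whole string is applied."""
    flagged = {c for k in weak for c in matches(k)}
    return [c for c in evaluate(cipher_string) if c in flagged]

if __name__ == "__main__":
    for s in ("ALL:!RC4:RC4-SHA", "ALL:-RC4:RC4-SHA"):
        print(s, "->", evaluate(s), "weak:", weak_survivors(s))
```

When reviewing a custom string, the same check applies on the device: compare the effective cipher list it reports against the ciphers you intended to exclude, since a `-` removal followed by an explicit cipher name leaves that cipher enabled.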
Thanks,
The missed question/answer in all this was how does the following syntax ONLY allow TLSv1.2:
'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:-TLSv1:-SSLv3:RC4-SHA'
Or put another way, when you read that syntax, what specifically prevents ciphers that use TLSv1.1 or TLS1.0 or even SSLv3 from being used?