bluestar007_339
Nov 09, 2017Nimbostratus
Hardening
Hi,
How do we change the ciphers in f5 something like below as part of hardening
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+………………..
Thanks
Hi,
How do we change the ciphers in f5 something like below as part of hardening
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+………………..
Thanks
Hello,
Instead of listing all ciphers that you want to allow. It may be simpler to accept except those that are weak.
Example: To remove all AES128-SHA ciphers you can use the following format.
DEFAULT:!AES128-SHA
You can consult the list of ciphers included in the DEFAULT for your BIG IP version here :
https://support.f5.com/csp/article/K13156
Hope it helps
Regards