For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Prashnat_217898's avatar
Prashnat_217898
Icon for Nimbostratus rankNimbostratus
Jan 15, 2018

How do we know the server ssl cipher suites

How do we know the server ssl cipher suites, on exactly which suits f5 communicating to backend server  
application delivery
BIG-IP
LTM
Jad_Tabbara__J1's avatar
Jad_Tabbara__J1
Icon for Cirrostratus rankCirrostratus
Jan 16, 2018

Hello Prashnat,

If you want to check what are the supported ciphers on your backend, the easiest way is to go to the backend and check the complete list of ciphers using for example the command "openssl ciphers" if it is a linux system.

If you don't have the hand on the backend server, you will need to use a script to list all supported ciphers based on your client ciphers. For example if you connect to the CLI of the F5, you can use the following script to list all supported ciphers by the server.

https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

If your need is to check ciphers of the SSL Server Profile on the F5, you can use 

tmm --serverciphers DEFAULT

by default if you didn't change anything to the SSL Profile the value of the ciphers parameter is "DEFAULT" if you change it to other thing use the same command but replace "DEFAULT" by your value.

Finally if you want to know which SSL cipher is used for the handshake, you can use the command 

openssl s_client -connect backend_ip:backend_port

Regards