Forum Discussion

Altostratus

Mar 06, 2020

How to build very specific Cipher string?

How can I specify a very specific Cipher string? The object is to only allow the ciphers below and offer them in this specific order. TLS13-AES256-GCM-SHA384/TLS1.3 TLS13-CHACHA20-POLY1305-SH...

Nimbostratus

I removed the CBC Ciphers to be compliant with SSL Labs weak ciphers list :

TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!TLSv1:!TLSv1_1

Simon_Blakely

Employee

Mar 12, 2020

In general, I would make the same recommendation, but the original request was for a specific set of ciphers. There are still some older clients that require CBC ciphers, and cannot be upgraded easily (embedded devices like Smart Meters, for example).

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to build very specific Cipher string?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Cipher Suites Supported (12.1.5.3)

Cipher suite mismatch advertisement/warning

issue with irule redirecting with # string

Lightboard Lessons: What Are AEAD Ciphers?

Enforce Server Cipher proposal in preferred order

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS