Forum Discussion
Kevin_Stewart
Sep 18, 2018Employee
You're right. Based on https://support.f5.com/csp/article/K1316311.4.1, there are NO ciphers available that don't either do (non-PFS) RSA key exchange or use SHA1. There are two that use SHA256, and seven that don't use RSA, but none of these overlap.
Minimally you need to upgrade to 11.5.1 to get the cipher combinations that you want. There are several ciphers in this version that satisfy the requirements.