Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

sandip_kakade's avatar
sandip_kakade
Icon for Nimbostratus rankNimbostratus
Oct 28, 2021

How to disable and enable specific weak/good ciphers In SSL profiles. How to achieve this .

Please enable the below mentioned two strong ciphers and TLSv1.3 in state filing application   TLSv1.2 cipher TLS_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 cipher TLS_RSA_WITH_AES_256_GCM_SHA384   Als...
application delivery
big-ip
LTM
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Oct 28, 2021

Hi sandip kakade,

In client ssl profile:

 

TLSv1_3:AES128-GCM-SHA256:AES256-GCM-SHA384

With this cipher suite, the following ciphers will be usable.

TLS13-AES128-GCM-SHA256/TLS1.3
TLS13-AES256-GCM-SHA384/TLS1.3
TLS13-CHACHA20-POLY1305-SHA256/TLS1.3
AES128-GCM-SHA256/TLS1.2
AES256-GCM-SHA384/TLS1.2

IANA name:

TLS_RSA_WITH_AES_128_GCM_SHA256

OpenSSL name:

AES128-GCM-SHA256

IANA name:

TLS_RSA_WITH_AES_256_GCM_SHA384

OpenSSL name:

AES256-GCM-SHA384