Forum Discussion

Nimbostratus

Jul 02, 2017

How to disable weak cipher from Client SSL Profile. (TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x33))

Hi Folks, We are running BIG-IP LTM 12.1.1. We have already disabled the weak cipher from the Client SSL Profile but still getting Weak Cipher Qualys SSL-Labs rating. Currently we are havin...

application delivery

LTM

Morten_Marstran

Nimbostratus

Jul 02, 2017

Hi,

Not sure if this answers your question, but if you seek to score as high as possible on ssl-labs, you should use these ciphers:

ecdhe:rsa:!sslv3:!rc4:!exp:!des:!3des

It will get you an "A" score.

Regards,

Morten

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to disable weak cipher from Client SSL Profile. (TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x33))

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Impact of disabling TCP Timestamp in TCP and fasl4 profile

How to disable weak cipher from Client SSL Profile

F5 BIG-IP Advanced WAF – "dos profile" reporting

Disable below cipher

Disabling Weak Ciphers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS