Forum Discussion
Sriram_Shanmuga
Altostratus
AltostratusHow to disable weak cipher from Client SSL Profile
Hi,
We have disabled few ciphers and we have rating "A" in qualys ssl checker portal.
We have a requirement to disable weak ciphers as well.
Could some one advice how to disable weak ciphers.
Pl...
By using DEFAULT:@STRENGTH command you can preferred the ciphers to use only Strength.
ka1021_129079
Altocumulus
AltocumulusHi Sriram,
Your can disable weak ciphers by putting following cipher string in clientssl_profile Local Traffic ›› Profiles : SSL : Client >> Ciphers (Cipher String) DEFAULT:!RSA:!DES:!3DES:!DHE
Also have a look at below KB articles: For 11.x - https://support.f5.com/csp/article/K13171 For 12.x - https://support.f5.com/csp/article/K13170
Regards, Kaustubh
Sriram_ShanmugaHi Kaustubh,
Thanks for your suggestions. I will update you once the changes has been made.
thanks Sriram
- Sriram_Shanmuga
Hi Kaustubh,
I have made the changes suggested by you and i got the below output from ssl checker.
Thanks for your suggestions
Regards Sriram
- Sriram_Shanmuga
Hi Kaustubh,
After the change the TLS 1.0,1.1 was enabled.
Our requirement is to have TLS 1.2 alone and rest all protocols should be disable.
Please suggest a cipher for this requirement.
- ka1021_129079
Ok, thanks for update Sriram. Good to know that you got the solution.
- Sriram_Shanmuga
but the ssl rating changed from A to F now.
- ka1021_129079
try this: DEFAULT:!RSA:!DES:!3DES:!DHE:!TLSv1:!TLSv1_1
- Sriram_Shanmuga
Thanks a ton. It worked. Now got A rating and TLs 1.2 alone.