Forum Discussion
NimbostratusHow to force LTM to return TLS_RSA_WITH_RC4_128_SHA as ciphers string in a SSL client profile
Hi There,
After upgrading LTM from 11.3 to 11.5, it seems like breaking application TLS single sign-on feature. During TLS handshake initiated by client, the LTM returns TLS_RSA_WITH_3DES_EDE_CBC_SHA as chosen cipher. Before upgrade, the LTM returned TLS_RSA_WITH_RC4_128_SHA as chosen cipher.
How to force LTM to return TLS_RSA_WITH_RC4_128_SHA as a cipher string in a SSL client profile at v11.5?
Thanks,
Hong
2 Replies
Brad_ParkerCirrus
!EXPORT:!SSLv3:RC4-SHA
- MegaZone
SIRT
What is your currently configured cipher string? This is going to come down to the cipher string and ordering. This SOL shows what is enabled by default on each 11.x version: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html
And this one the actual strings that 'DEFAULT' is shorthand for: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html
It is a matter of enabling/disabling the appropriate ciphers, and you can play with the ordering in the string to place the cipher(s) you most want used first.
