Forum Discussion

Nimbostratus

Feb 17, 2015

How to force LTM to return TLS_RSA_WITH_RC4_128_SHA as ciphers string in a SSL client profile

Hi There, After upgrading LTM from 11.3 to 11.5, it seems like breaking application TLS single sign-on feature. During TLS handshake initiated by client, the LTM returns TLS_RSA_WITH_3DES_EDE_CB...

tls_rsa_with_3des_ede_cbc_sha

tls_rsa_with_rc4_128_sha

MegaZone

SIRT

Feb 17, 2015

What is your currently configured cipher string? This is going to come down to the cipher string and ordering. This SOL shows what is enabled by default on each 11.x version: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html

And this one the actual strings that 'DEFAULT' is shorthand for: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

It is a matter of enabling/disabling the appropriate ciphers, and you can play with the ordering in the string to place the cipher(s) you most want used first.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)