Forum Discussion

jwlarger's avatar
jwlarger
Icon for Cirrus rankCirrus
Mar 02, 2021

How to list all cipher keywords

Can I query from tmos or cli to list all valid cipher keywords? (Not tmm --clientciphers DEFAULT - I just want keywords like !TLSv1 and the like).

 

If not, is there a list online? I searched the kb, here, & the web with no luck.

 

  • ​Hello Jwlarger

    Specifying cipher suites

    TMM supports several ways to select groups of ciphers using a short string based on traits of those ciphers. These include the following:

    • SSL/TLS version: TLSv1, TLSv1_1, TLSv1_2, SSLv3
    • Bulk cipher: RC4, AES, AES-GCM
    • Key exchange: ECDHE, DHE (or EDH), RSA

    This is not an exhaustive list. Note that although the format is similar to OpenSSL, some strings differ and the results are not always the same. For more information about specifying cipher strings on the BIG-IP system, refer to the articles listed in the following Supplemental Information section

    REF - https://support.f5.com/csp/article/K15194

    This is the openssl list:

    https://www.openssl.org/docs/man1.0.2/man1/ciphers.html

    And this is the supplemental info:

    https://support.f5.com/csp/article/K01770517

    ​https://support.f5.com/csp/article/K15194

    Regards,

    Dario.

    • jwlarger's avatar
      jwlarger
      Icon for Cirrus rankCirrus

      Thank you, but I had this information already. And as you say, "This is not an exhaustive list. "

       

      An exhaustive list is EXACTLY what I'm looking for. F5 must have a list somewhere, either via command or on same arcane url, of ALL acceptable cipher keywords.

    • jwlarger's avatar
      jwlarger
      Icon for Cirrus rankCirrus

      Thanks, Sajid

       

      I was already aware of this article, and have quoted from it extensively for our in-house working aids.

       

      Still, though, no exhaustive list of acceptable cipher keywords.