For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

daveferrier_202's avatar
daveferrier_202
Icon for Nimbostratus rankNimbostratus
Feb 25, 2019

how to prioritize cipher suites

I am running version LTM BIGIP 12.1.3.5 and confused as to how to prioritize cipher suites.   I am using this cipher string on some client and server side ssl profiles. DEFAULT:@STRENGTH:!3DES:!EX...
BIG-IP
LTM
security
wlopez's avatar
wlopez
Icon for Cirrocumulus rankCirrocumulus
Feb 25, 2019

You can test your cipher string using the following commands from bash:

tmm --clientciphers 'YOUR CLIENT SSL CIPHER STRING'

tmm --serverciphers 'YOUR SERVER SSL CIPHER STRING'

Exammple:

This will give you the default client ssl ciphers for the version your running:

tmm --clientciphers 'DEFAULT'

With it you can see what's active by default on your version, and start working from there.

To view your current setup:

tmm --clientciphers 'DEFAULT:@STRENGTH:!3DES:!EXPORT:!EXP:!MD5:!RC4'

My recommendation based on your version, to comply with just about every regulation out there would be:

tmm --clientciphers 'ECDHE:DEFAULT:!DHE:!3DES:!TLSv1:@STRENGTH'