How to remove only DES from the chipher list

Hi, Do not want to use DES in the below... How can I disable the DES (in bold) from below list? MEDIUIM:HIGH:-SSLv2:-aNULL:@STRENGTH:-EDH-RSA-DES-CBC3-SHA:-EDH-DSS-DES-CBC3-SHA:-DES-CBC3-SHA:-...

BIG-IP

Chiper

DES

security

ssl

Sep 04, 2019

If you want to remove all ciphersuites that use DES, you can use the following:

ecdhe:rsa:!sslv3:!rc4:!exp:!des:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-AES256-CBC-SHA

, which is based on the defaul values in the clientssl-secure profile in BIG-IP v13.1 and provides the following ciphersuites:

v13.1:

# tmm --clientciphers 'ecdhe:rsa:!sslv3:!rc4:!exp:!des:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-AES256-CBC-SHA'
       ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_RSA 
 1: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES       SHA256  ECDHE_RSA 
 2: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM   SHA384  ECDHE_RSA 
 3: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES       SHA384  ECDHE_RSA 
 4:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM   SHA256  RSA       
 5:    47  AES128-SHA                       128  TLS1    Native  AES       SHA     RSA       
 6:    47  AES128-SHA                       128  TLS1.1  Native  AES       SHA     RSA       
 7:    47  AES128-SHA                       128  TLS1.2  Native  AES       SHA     RSA       
 8:    47  AES128-SHA                       128  DTLS1   Native  AES       SHA     RSA       
 9:    60  AES128-SHA256                    128  TLS1.2  Native  AES       SHA256  RSA       
10:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM   SHA384  RSA       
11:    53  AES256-SHA                       256  TLS1    Native  AES       SHA     RSA       
12:    53  AES256-SHA                       256  TLS1.1  Native  AES       SHA     RSA       
13:    53  AES256-SHA                       256  TLS1.2  Native  AES       SHA     RSA       
14:    53  AES256-SHA                       256  DTLS1   Native  AES       SHA     RSA       
15:    61  AES256-SHA256                    256  TLS1.2  Native  AES       SHA256  RSA       
16:    65  CAMELLIA128-SHA                  128  TLS1    Native  CAMELLIA  SHA     RSA       
17:    65  CAMELLIA128-SHA                  128  TLS1.1  Native  CAMELLIA  SHA     RSA       
18:    65  CAMELLIA128-SHA                  128  TLS1.2  Native  CAMELLIA  SHA     RSA       
19:   132  CAMELLIA256-SHA                  256  TLS1    Native  CAMELLIA  SHA     RSA       
20:   132  CAMELLIA256-SHA                  256  TLS1.1  Native  CAMELLIA  SHA     RSA       
21:   132  CAMELLIA256-SHA                  256  TLS1.2  Native  CAMELLIA  SHA     RSA

in v11.6.4:

# tmm --clientciphers 'ecdhe:rsa:!sslv3:!rc4:!exp:!des:!DES-CBC3-SHA'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA 
 1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA 
 2: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA 
 3: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA 
 4: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA 
 5: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1    Native  DES     SHA     ECDHE_RSA 
 6: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.1  Native  DES     SHA     ECDHE_RSA 
 7: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.2  Native  DES     SHA     ECDHE_RSA 
 8: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA 
 9: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA 
10: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA 
11: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA 
12: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA 
13:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM  SHA384  RSA       
14:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA       
15:    53  AES256-SHA                       256  TLS1    Native  AES     SHA     RSA       
16:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA       
17:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA       
18:    53  AES256-SHA                       256  DTLS1   Native  AES     SHA     RSA       
19:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM  SHA256  RSA       
20:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA       
21:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA       
22:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA       
23:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA       
24:    47  AES128-SHA                       128  DTLS1   Native  AES     SHA     RSA

[Edited]

Forum Discussion

How to remove only DES from the chipher list

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Remove alerts showing r-series LCD/Dashboard.

Remove Quotation marks

remove www

Removal Cookies on Client Browser

CVE-2014-3566: Removing SSLv3 from BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS