Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Apr 02, 2020

How to test cipher suite strength?

Hello, I am looking for a different (if available) way to test a client-ssl profile and its cipher suite configured besides using openssl against a VIP with the profile in question....? Important -...

Icon for Cirrostratus rank

Cirrostratus

Apr 02, 2020

Thanks Dario!

How about "how to apply the options portion of the profile":

options { netscape-reuse-cipher-change-bug microsoft-big-sslv3-buffer msie-sslv2-rsa-padding ssleay-080-client-dh-bug tls-d5-bug tls-block-padding-bug dont-insert-empty-fragments no-ssl no-dtls no-session-resumption-on-renegotiation no-tlsv1.1 single-dh-use ephemeral-rsa cipher-server-preference tls-rollback-bug no-sslv2 no-sslv3 no-tlsv1 pkcs1-check-1 pkcs1-check-2 netscape-ca-dn-bug netscape-demo-cipher-change-bug }

Icon for Noctilucent rank

Noctilucent

Apr 02, 2020

'Options' are specific features to increase security. The better way is to enable all that you can.

REF - https://devcentral.f5.com/s/articles/ssl-profiles-part-5-ssl-options

KR,

Dario.

Introducing the F5 Application Study Tool (AST)

Technical Articles

application delivery

Application Study Tool

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Technical Articles

Application Study Tool

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming