Forum Discussion
CirrostratusHow to test cipher suite strength?
NoctilucentHello Julio.
Sorry, but this doesn't make sense.
The cipher involves the F5, but 'options' normally refers to client application vulnerabilities.
An example:
"Netscape CA DN bug workaround: This option handles a defect regarding system instability. The system crashes or hangs if the following conditions are met: 1) the system accepts a Netscape browser connection, 2) the system demands a client certificate, 3) the system has a non-self-signed CA that does not have its CA in Netscape, and 4) the browser has a certificate. This option is in place to ensure the system does not crash or hang."
So in your previous capture you only have into account the cipher strength, not the options.
To test one specific platform you would need to test it from all the different clients possible and depending on that, you would have a complete list o how your enviroment behaves to those queries.
There are some applications like Qualys that allow you to test your public site from different clients, but this is far to be an official security audit of your F5 SSL strength. Take into account that some people works (for money) performing security auditories, and it's not only to put a command a CLI 😊.
Hope this it helps.
KR,
Dario.
NoctilucentBTW, there other similar tools like nmap that could allow you to perform web tests like Qualys but from inside of your network.
nmap -sV --script ssl-enum-ciphers -p 443 <host>To execute it, you need to download this script:
