Forum Discussion

MVP

Feb 07, 2017

HowTo: Getting an awesome Qualys SSL-Labs rating... (Feb 2017 Update)

Hi Folks, I've posted in August 2016 a Client SSL Profile configuration to achive a top notch Qualys SSL-Labs rating. HowTo: Getting an awesome Qualys SSL-Labs rating... https://devcentral.f5.c...

Nimbostratus

Nov 20, 2017

Hi all,

Thank you very much Kai for this, really appreciate it.

Now with this new vulnerability K21905460: BIG-IP SSL vulnerability CVE-2017-6168 I suppose we will have to remove the RSA key exchange from the cipher list? https://support.f5.com/csp/article/K21905460

New list:

!SSLv2:!RSA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4

What are your thoughts?

Regards,

bluestar007_339

Nimbostratus

Nov 20, 2017

Hi,

The final string is the below one ?

'DEFAULT:!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4'

Thanks

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HowTo: Getting an awesome Qualys SSL-Labs rating... (Feb 2017 Update)

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

Achieving an SSL Labs A+ score with F5 products

Security Sidebar: Improving Your SSL Labs Test Grade

Getting Started on DevCentral

Getting Started With n8n For AI Automation

Getting started with F5 Distributed Cloud (XC) Telemetry

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS