HowTo: Getting an awesome Qualys SSL-Labs rating... (Feb 2017 Update)

MVP

Jan 11, 2019

Hi Joe,

:@SPEED

is the default setting. It won't change anything if you explicitly add this directive to your cipher string (see below).

Cheers, Kai

[root@f501:Active:Standalone] config  tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1'
       ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_RSA 
 1: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES       SHA     ECDHE_RSA 
 2: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES       SHA     ECDHE_RSA 
 3: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES       SHA256  ECDHE_RSA 
 4: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM   SHA384  ECDHE_RSA 
 5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES       SHA     ECDHE_RSA 
 6: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES       SHA     ECDHE_RSA 
 7: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES       SHA384  ECDHE_RSA 
 8:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM   SHA256  RSA       
 9:    47  AES128-SHA                       128  TLS1.1  Native  AES       SHA     RSA       
10:    47  AES128-SHA                       128  TLS1.2  Native  AES       SHA     RSA       
11:    47  AES128-SHA                       128  DTLS1   Native  AES       SHA     RSA       
12:    60  AES128-SHA256                    128  TLS1.2  Native  AES       SHA256  RSA       
13:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM   SHA384  RSA       
14:    53  AES256-SHA                       256  TLS1.1  Native  AES       SHA     RSA       
15:    53  AES256-SHA                       256  TLS1.2  Native  AES       SHA     RSA       
16:    53  AES256-SHA                       256  DTLS1   Native  AES       SHA     RSA       
17:    61  AES256-SHA256                    256  TLS1.2  Native  AES       SHA256  RSA       
18:    65  CAMELLIA128-SHA                  128  TLS1.1  Native  CAMELLIA  SHA     RSA       
19:    65  CAMELLIA128-SHA                  128  TLS1.2  Native  CAMELLIA  SHA     RSA       
20:   132  CAMELLIA256-SHA                  256  TLS1.1  Native  CAMELLIA  SHA     RSA       
21:   132  CAMELLIA256-SHA                  256  TLS1.2  Native  CAMELLIA  SHA     RSA       
22: 49195  ECDHE-ECDSA-AES128-GCM-SHA256    128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_ECDSA
23: 49161  ECDHE-ECDSA-AES128-SHA           128  TLS1.1  Native  AES       SHA     ECDHE_ECDSA
24: 49161  ECDHE-ECDSA-AES128-SHA           128  TLS1.2  Native  AES       SHA     ECDHE_ECDSA
25: 49187  ECDHE-ECDSA-AES128-SHA256        128  TLS1.2  Native  AES       SHA256  ECDHE_ECDSA
26: 49196  ECDHE-ECDSA-AES256-GCM-SHA384    256  TLS1.2  Native  AES-GCM   SHA384  ECDHE_ECDSA
27: 49162  ECDHE-ECDSA-AES256-SHA           256  TLS1.1  Native  AES       SHA     ECDHE_ECDSA
28: 49162  ECDHE-ECDSA-AES256-SHA           256  TLS1.2  Native  AES       SHA     ECDHE_ECDSA
29: 49188  ECDHE-ECDSA-AES256-SHA384        256  TLS1.2  Native  AES       SHA384  ECDHE_ECDSA
[root@f501:Active:Standalone] config  tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1:@SPEED'
       ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_RSA 
 1: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES       SHA     ECDHE_RSA 
 2: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES       SHA     ECDHE_RSA 
 3: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES       SHA256  ECDHE_RSA 
 4: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM   SHA384  ECDHE_RSA 
 5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES       SHA     ECDHE_RSA 
 6: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES       SHA     ECDHE_RSA 
 7: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES       SHA384  ECDHE_RSA 
 8:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM   SHA256  RSA       
 9:    47  AES128-SHA                       128  TLS1.1  Native  AES       SHA     RSA       
10:    47  AES128-SHA                       128  TLS1.2  Native  AES       SHA     RSA       
11:    47  AES128-SHA                       128  DTLS1   Native  AES       SHA     RSA       
12:    60  AES128-SHA256                    128  TLS1.2  Native  AES       SHA256  RSA       
13:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM   SHA384  RSA       
14:    53  AES256-SHA                       256  TLS1.1  Native  AES       SHA     RSA       
15:    53  AES256-SHA                       256  TLS1.2  Native  AES       SHA     RSA       
16:    53  AES256-SHA                       256  DTLS1   Native  AES       SHA     RSA       
17:    61  AES256-SHA256                    256  TLS1.2  Native  AES       SHA256  RSA       
18:    65  CAMELLIA128-SHA                  128  TLS1.1  Native  CAMELLIA  SHA     RSA       
19:    65  CAMELLIA128-SHA                  128  TLS1.2  Native  CAMELLIA  SHA     RSA       
20:   132  CAMELLIA256-SHA                  256  TLS1.1  Native  CAMELLIA  SHA     RSA       
21:   132  CAMELLIA256-SHA                  256  TLS1.2  Native  CAMELLIA  SHA     RSA       
22: 49195  ECDHE-ECDSA-AES128-GCM-SHA256    128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_ECDSA
23: 49161  ECDHE-ECDSA-AES128-SHA           128  TLS1.1  Native  AES       SHA     ECDHE_ECDSA
24: 49161  ECDHE-ECDSA-AES128-SHA           128  TLS1.2  Native  AES       SHA     ECDHE_ECDSA
25: 49187  ECDHE-ECDSA-AES128-SHA256        128  TLS1.2  Native  AES       SHA256  ECDHE_ECDSA
26: 49196  ECDHE-ECDSA-AES256-GCM-SHA384    256  TLS1.2  Native  AES-GCM   SHA384  ECDHE_ECDSA
27: 49162  ECDHE-ECDSA-AES256-SHA           256  TLS1.1  Native  AES       SHA     ECDHE_ECDSA
28: 49162  ECDHE-ECDSA-AES256-SHA           256  TLS1.2  Native  AES       SHA     ECDHE_ECDSA
29: 49188  ECDHE-ECDSA-AES256-SHA384        256  TLS1.2  Native  AES       SHA384  ECDHE_ECDSA
[root@f501:Active:Standalone] config

Forum Discussion

HowTo: Getting an awesome Qualys SSL-Labs rating... (Feb 2017 Update)

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

Achieving an SSL Labs A+ score with F5 products

Security Sidebar: Improving Your SSL Labs Test Grade

Getting Started on DevCentral

Getting Started With n8n For AI Automation

Getting started with F5 Distributed Cloud (XC) Telemetry

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS