Forum Discussion
Steven_Filisko_
Nimbostratus
NimbostratusIs there a way to remove a custom option from an HTTP Profile via TMSH?
I'm looking for a way to remove a custom option from an SSL Profile via TMSH.
VIA TMSH and without having to delete and recreate profiles, I'd like to un-check the "Custom" box for "Ciphers", removing the explicitly defined ciphers, and allow the ciphers to cascade down from the parent profile.
In the below config, I'd like to know a TMSH command to remove the "ciphers" option (marked with "") from the profile.
ltm profile client-ssl {
app-service none
cert
chain /Common/VeriSign_Class_3_Secure_Server_CA_G3.crt
ciphers !COMPAT:ECDHE+AES:ECDHE+3DES:AES:3DES:!MD5:!EXPORT:!DES:!EDH:!RC4
defaults-from /Common/clientssl_Filisko_Test
key
passphrase
}
4 Replies
- nitass
Employee
can you try this?
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile client-ssl test ltm profile client-ssl test { app-service none cert-key-chain { default { cert default.crt key default.key } } ciphers !COMPAT:ECDHE+AES:ECDHE+3DES:AES:3DES:!MD5:!EXPORT:!DES:!EDH:!RC4 inherit-certkeychain true } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) modify ltm profile client-ssl test ciphers default-value root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile client-ssl test ltm profile client-ssl test { app-service none cert-key-chain { default { cert default.crt key default.key } } inherit-certkeychain true } 
Steven_Filisko_Not sure what version you are running, but I tried both 11.4.1 and 11.5.1 and get the following error message:
admin@(device)(cfg-sync Changes Pending)(Active)(/Common)(tmos) modify ltm profile client-ssl clientssl_Filisko_Test ciphers default-value 01070312:3: Invalid keyword 'default-value' in ciphers list for profile /Common/clientssl_Filisko_Test- nitassit is introduced in 11.6. ID346732 TMSH - unable to set profile attribute to its default
- Steven_Filisko_
Ok, thank you much!
