Forum Discussion
CirrusLogic behind F5's Cipher Suite selection from the default Cipher suite
!SSLv3:!SSLv2:AES:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@SPEED (Cipher suite used) The intention is to enable the clients to be able to select AES as their cipher suite. 1.) Now does this AES being configured ahead of ALL work ? 2.) will the clients now start using AED frequently as compared to the other available Cipher Suites ( given that at the of the statement we have keyed in :@SPEED ) 3.) Are there other parameters like @SPEED supported by F5 for clients to choose the selection logic ?
- We actually use "!EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:RSA+AES-GCM:RSA+AES:RSA+3DES"
6 Replies
James_ThomsonEmployee
This article talks about using @strength as well. I'm guessing you don't want @speed if you want AES to be preferred: https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15194.html
Also refer to https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html
https://support.f5.com/kb/en-us/solutions/public/8000/800/sol8802.html
Brad_Parker
will show you the preference order based on your string. You can order them however you want and you don't have to usetmm --clientciphers ''
or@SPEED
. At strength will prioritized based on key size, so if you want PFS it won't be prioritized as ECDH has smaller key sizes.@STRENGTH- Brad_ParkerWe actually use "!EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:RSA+AES-GCM:RSA+AES:RSA+3DES"
Brad_Parker_139Nacreous
will show you the preference order based on your string. You can order them however you want and you don't have to usetmm --clientciphers ''
or@SPEED
. At strength will prioritized based on key size, so if you want PFS it won't be prioritized as ECDH has smaller key sizes.@STRENGTH- Brad_Parker_139We actually use "!EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:RSA+AES-GCM:RSA+AES:RSA+3DES"
- bcrogerz
thank you gentlemen ,my query has been resolved.
