LTM Cipher rule
Hello:
I've been asked to allow just some security protocols but I think there is not any manual way to just select these.
I've tried creating a cipher rule or trying to select using the cipher group.
Is this even possible?
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256
Kind regards.
So, I ran this string :
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256
This should be exactly what you need (BIG-IP 15.1.5.1) as there is 3 repetitions in ur list (49199 49200 and 52392 are all mentioned twice)
You can either use a rule + group now (which might be better if u want to recall in multiple profiles)
or just paste the string in your profile (maybe you can do a "template" profile object with this setting and other basic stuff that you can refer as "parent" for creating all of your other objects)
This should be all,
regards
CA