LTM Cipher rule
- Jan 25, 2023
You can tune your clientSSL profile's "cipher string" parameter; if you need those suites only, you could possibly specify them explicitly.
Check this cheat sheet out, it's still pretty valid: http://smanthey.net/downloads/ssl/ssl-cipher-cs-a4-02.pdf
Run in the CLI: tmm --ciphersuites "<string>" to see what your string matches before installing.
Hello:
How can I specify them explicitly? Because everything points to me needing a cipher suite string. That is a kind of search; I cannot find a pattern to match my needs.
The PDF looks great.
Kind regards
- CA_Valli Jan 25, 2023 MVP
The configuration is implemented via a clientSSL profile.
Every suite you listed is uniquely identified by an ID, for example (according to this link) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 has id 0xC02F (or 49199 in decimal).
When you run the command in my last comment on BIGIP, look for suite ID 49199, copy the text and paste it in cipher string to include that suite only. To build more suites, you use : (include) or :! (exclude) just like the PDF shows you.
- CA_Valli Jan 25, 2023 MVP
So, I ran this string:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256
This should be exactly what you need (BIG-IP 15.1.5.1), as there are 3 repetitions in your list (49199, 49200 and 52392 are all mentioned twice).
You can either use a rule + group now (which might be better if you want to recall it in multiple profiles)
or just paste the string in your profile (maybe you can do a "template" profile object with this setting and other basic stuff that you can refer to as "parent" for creating all of your other objects).
This should be all,
regards
CA
- lmediavilla Jan 25, 2023 Nimbostratus
Brilliant, this is exactly what I needed. Many thanks!
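The ID-to-string workflow discussed in this thread, as an added example that is not part of any poster's reply: it takes a list of suite IDs (decimal or hex), drops repeats while reporting them, and joins the matching names into a cipher string. The IDs are IANA registry values, the names are those in the string posted above, their pairing is this example's assumption to confirm against the tmm output on the device, and the sample input is constructed.

```python
# IANA TLS cipher suite IDs mapped to the names used in the string posted above.
# Pairing each ID with these names is this example's assumption; confirm it
# against the tmm output on the device before relying on it.
SUITES = {
    0xC02F: "ECDHE-RSA-AES128-GCM-SHA256",
    0xC030: "ECDHE-RSA-AES256-GCM-SHA384",
    0xCCA8: "ECDHE-RSA-CHACHA20-POLY1305-SHA256",
    0xC02B: "ECDHE-ECDSA-AES128-GCM-SHA256",
    0xC02C: "ECDHE-ECDSA-AES256-GCM-SHA384",
    0xCCA9: "ECDHE-ECDSA-CHACHA20-POLY1305-SHA256",
    0x009C: "AES128-GCM-SHA256",
    0x009D: "AES256-GCM-SHA384",
    0x009E: "DHE-RSA-AES128-GCM-SHA256",
    0x009F: "DHE-RSA-AES256-GCM-SHA384",
    0x1303: "TLS13-CHACHA20-POLY1305-SHA256",
}

def parse_id(token):
    """Accept decimal (49199) or hex (0xC02F) suite IDs."""
    return int(token, 0)

def build_cipher_string(tokens):
    """Return (cipher_string, duplicates, unknown) for a list of suite IDs."""
    seen, names, duplicates, unknown = set(), [], [], []
    for token in tokens:
        suite_id = parse_id(token.strip())
        if suite_id in seen:
            if suite_id not in duplicates:
                duplicates.append(suite_id)  # report each repeated ID once
            continue
        seen.add(suite_id)
        name = SUITES.get(suite_id)
        if name is None:
            unknown.append(suite_id)  # never guess a name for an unmapped ID
        else:
            names.append(name)
    return ":".join(names), duplicates, unknown

# Constructed input: three IDs repeated (one of them in hex) and one unmapped ID.
SAMPLE = "49200, 49199, 52392, 0xC02F, 49195, 49200, 157, 52392, 0x1301".split(",")

if __name__ == "__main__":
    cipher_string, dups, unk = build_cipher_string(SAMPLE)
    print("cipher string:", cipher_string)
    print("duplicate IDs:", dups)
    print("unmapped IDs (look these up on the device first):", unk)
```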