Forum Discussion

What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Oct 27, 2014

Management Interface SSL Ciphers

Hey all, So, I'm trying to restrict the SSL ciphers used with the management interface (including iControl). To test this, I've used the [tmsh] modify sys httpd ssl-ciphersuite ... command with...
configuration utility
devops
iControl
ssl
TMOS
TMSH
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Oct 28, 2014

Thanks Jie but I don't see any solution in SOL15702 or the article you link to, for versions prior to 11.5?

Regardless, I'm happy that I can disable SSLv3 by simply specifying 

NONE:
followed by a small set of TLS only ciphers.

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Oct 28, 2014
    I see. Did you test to see if SSLv3 is really disabled after removing SSLv3 cipher suite?
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 28, 2014
    See below, restricting the ciphers to TLS1.2 ones indirectly 'disables' SSLv3 (i.e its not disabled but will never be used) without the need to modify the Apache ssl.conf file.