Forum Discussion
Need to build cipher group based upon these keys
Hi,
I need to create a cipher group based upon these keys, but I am unable to create the group. It shows a string error.
TLS1-ECDHE-RSA-AES256-SHA TLS1-ECDHE-RSA-AES128-SHA TLS1-DHE-DSS-AES-128-CBC-SHA TLS1-DHE-DSS-AES-256-CBC-SHA TLS1-AES-128-CBC-SHA TLS1-AES-256-CBC-SHA TLS1.2-AES128-GCM-SHA256 TLS1.2-AES256-GCM-SHA384 TLS1.2-DHE-RSA-AES128-GCM-SHA256
- Harry1
Nimbostratus
Appreciate if anyone can help here.
- AceDawg1
Nimbostratus
When creating a custom cipher string (Local Traffic->Ciphers->Rules), you don't need to specify the TLS portion. For example, you have:
TLS1-ECDHE-RSA-AES256-SHA
This should be:
ECDHE-RSA-AES256-CBC-SHA
In addition, when specifying multiple cipher strings, they should be separated with a colon:
ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA...
For a full list of ciphers supported on the F5 version running in your environment, do the following:
- SSH to the F5
- Log in as root
- Type tmm --clientciphers all | less
- Harry1
Nimbostratus
Thanks for your response. Actually, I am trying this:
ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-SHA:DHE-DSS-AES128-CBC-SHA:DHE-DSS-AES256-CBC-SHA:AES128-CBC-SHA:AES256-CBC-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256
but it shows an error. If I try only "ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA" it works. Otherwise, for any other string it shows an error.
- AceDawg1
Nimbostratus
It appears that some of the ciphers you have listed may not be supported on your system. To verify, you need to compare the cipher strings you are entering with the supported ciphers on the system. From the command line enter: tmm --clientciphers all. The ciphers you have listed should match the ciphers listed in the output of the tmm command.
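The comparison described in the reply above can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and the row layout of the `tmm --clientciphers all` output (suite name in the third column) is an assumption represented here by a constructed sample.

```shell
#!/bin/bash
# Constructed sample in the shape of `tmm --clientciphers all` output.
# Assumption: data rows are "<index>: <id> <SUITE> <bits> <protocol> ...".
# These rows are illustrative and do not describe any real BIG-IP version.
sample_tmm_output() {
    cat <<'EOF'
       ID  SUITE                          BITS  PROT    CIPHER   MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384    256   TLS1.2  AES-GCM  SHA384  ECDHE_RSA
 1: 49172  ECDHE-RSA-AES256-CBC-SHA       256   TLS1    AES      SHA     ECDHE_RSA
 2: 49171  ECDHE-RSA-AES128-CBC-SHA       128   TLS1    AES      SHA     ECDHE_RSA
 3:    61  AES256-SHA256                  256   TLS1.2  AES      SHA256  RSA
EOF
}

# Read tmm-style output on stdin and print the unique suite names.
# On the device: tmm --clientciphers all | supported_suites > supported.txt
supported_suites() {
    awk '$1 ~ /^[0-9]+:$/ { print $3 }' | sort -u
}

# Print each entry of the colon-separated string $1 that is missing from
# the supported-suite file $2 (one name per line), in input order.
unsupported_entries() {
    printf '%s\n' "$1" | tr ':' '\n' |
        awk -v list="$2" '
            BEGIN { while ((getline s < list) > 0) ok[s] }
            NF && !($0 in ok)'
}

# Print entries that appear more than once in the colon-separated string $1.
duplicate_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | awk 'NF' | sort | uniq -d
}

# Demo against the constructed sample.
list=$(mktemp)
sample_tmm_output | supported_suites > "$list"
candidate='ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA256:AES256-SHA256'
echo "Not in supported list:"
unsupported_entries "$candidate" "$list"
echo "Listed more than once:"
duplicate_entries "$candidate"
rm -f "$list"
```

Any name printed under "Not in supported list" is a candidate for the entry the cipher rule rejects; an empty result means every entry matched a suite name exactly.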