Forum Discussion
NimbostratusNeed to build cipher group based upon these keys
CirrusWhen creating a custom cipher string (Local Traffic->Ciphers->Rules), you don't need to specify the TLS portion. For example, you have:
TLS1-ECDHE-RSA-AES256-SHA
This should be:
ECDHE-RSA-AES256-CBC-SHA
In addition, when specifying multiple cipher strings, they should be separated with a colon:
ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA...
For a full list of ciphers supported on the f5 version running in your environment, do the following:
- SSH to the F5
- Login as root
- Type tmm --clientciphers all | less
- Harry1
Thanks for your response. actualy i am trying this:
ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-SHA:DHE-DSS-AES128-CBC-SHA:DHE-DSS-AES256-CBC-SHA:AES128-CBC-SHA:AES256-CBC-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256
but showing an error. if i try only "ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA" it works . otherwise for any other string it shows an error.
- AceDawg_204810
It appears that some of the ciphers you have listed may not be supported on your system. To verify, you need to compare the cipher strings you are entering with the supported ciphers on the system. From the commandline enter: tmm --clientciphers all. The ciphers you have listed should match the ciphers listed in the output of the tmm command.
