Forum Discussion
NimbostratusNeed to build cipher group based upon these keys
NimbostratusWhen creating a custom cipher string (Local Traffic->Ciphers->Rules), you don't need to specify the TLS portion. For example, you have:
TLS1-ECDHE-RSA-AES256-SHA
This should be:
ECDHE-RSA-AES256-CBC-SHA
In addition, when specifying multiple cipher strings, they should be separated with a colon:
ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA...
For a full list of ciphers supported on the f5 version running in your environment, do the following:
- SSH to the F5
- Login as root
- Type tmm --clientciphers all | less
NimbostratusThanks for your response. actualy i am trying this:
ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-SHA:DHE-DSS-AES128-CBC-SHA:DHE-DSS-AES256-CBC-SHA:AES128-CBC-SHA:AES256-CBC-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256
but showing an error. if i try only "ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA" it works . otherwise for any other string it shows an error.
