Forum Discussion
Only show 256 bits ciphers - parent client-ssl profile
Hello Julio,
first things first, I would recommend not to edit default SSL profiles: instead, create a new one and inherit settings from defaults.
You can filter ciphers by strength with keywords LOW (64 bit bulk crypto algorithm) , MEDIUM (128-bit) and HIGH ( [ 168 bit/192 bit -- deprecated] and 256-bit ).
So your default string should be HIGH , and then exclude unwanted suites.
You can test output with command tmm --clientciphers <string> , ex. tmm --clientciphers "HIGH" or tmm --clientciphers "HIGH:!ECDH_RSA:!ECDH_ECDSA:!SHA:!RSA"
- Fallout1984Nov 18, 2021Cirrocumulus
That's good info. With "@STRENGTH" one can have the cipher negotiation start with the strongest cipher and progress to the weakest (example: DEFAULT:!3DES:!DHE:!RC4:!RSA:@STRENGTH)
This is just for anyone who may have a need for it. 😀
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com