Forum Discussion
Nimbostratusproblems with multiple ssl profiles & SNI
NacreousHello, Are you trying to setup and use different cipher suites to profiles laying on the same virtual server or are you having problem to set the new cipher suite to profiles that laying on the same virtual server?
If you chose the first, far as I know, the ssl profiles must have the same cipher suite and other flags to compatibility to work together. Plus, remember that just one must be a default SNI.
If you chose the second one, I think you can do this at least in three ways:
-
In line command modifying all profiles at the same time, like
. Maybe not the best choice because you will change all profiles into the partition and probably include a built-in profiles.modify ltm profile client-ssl all ciphers '' -
Remove all profiles from the virtual server, change profiles to that new cipher suite and then put back again that profiles to virtual server.
-
I don't recommend to change the built-in profile, so, create a new base clientssl that use the current cipher suite first, then associate this new clientssl on the other profiles as a parent and uncheck box to use the cipher suite from parent profile, finally apply the new cipher suite to the base clientssl profile. (For me, the best choice)
If I'm not wrong, in v13.x you could do this approach with a cipher group instead of parent base clientssl.
Just a idea, I hope it helps you.
Regards.
