Forum Discussion

Cumulonimbus

Jul 04, 2024

Relation between Cipher-Suite and Key-type of server certificate

I must noticed/learned these days, that specific allowed ciphers are useless if they are not matching with the key-type of the server-certificate from the clientSSL profile. I think it's not unusual...

Juergen_Mang
Jul 05, 2024
For TLS1.2 there is a relation. As far I know this relation is for TLS1.3 no longer present.

To support, eg. RSA and EC algorithms you should add appropriated chains to one client ssl profile.

Reference: https://my.f5.com/manage/s/article/K15062

Juergen_Mang

MVP

For TLS1.2 there is a relation. As far I know this relation is for TLS1.3 no longer present.

To support, eg. RSA and EC algorithms you should add appropriated chains to one client ssl profile.

Reference: https://my.f5.com/manage/s/article/K15062

Stefan_Klotz

Cumulonimbus

Jul 05, 2024

Thank you Jürgen!
In the meanwhile I also found the following official F5 documentation:
https://my.f5.com/manage/s/article/K24121074
Also referencing the following and also you provided article:
https://my.f5.com/manage/s/article/K21239684

Regards Stefan :)

Forum Discussion

Relation between Cipher-Suite and Key-type of server certificate

Recent Discussions

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

APM issue errorcode=19

Related Content

Cipher Suites Supported (12.1.5.3)

Cipher Suite Practices and Pitfalls

Disabling Specific Weak Cipher Suites

Cipher suite mismatch advertisement/warning

SSL Profiles Part 4: Cipher Suites