Remove cipher from SSL profile.

Question

Hi Experts, Can you please help to remove below cipher from SSL profile. V11.4&nbsp;
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384&nbsp;
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256&nbsp;
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384&nbsp;
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA&nbsp;
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256&nbsp;
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA&nbsp;
Currently I am using this cipher "DEFAULT:!ADH:!EXPORT40:!EXP:!LOW:!MEDIUM:!SSLv3:!DHE:!ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384". &nbsp;
Please help me on this.&nbsp;

vijay_e · Answer

Try something like this in the cipher: !ECDH+AESGCM:!ECDH+AES256 for the relevant ciphers that you don't want to use. 
However, I would recommend the other way around, given the length of the ciphers that you are trying to avoid, why don't you identify the ciphers that you want to use and just allow them. 
See SOL13171 for cipher strings.

Forum Discussion

Remove cipher from SSL profile.

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Raise your hand if you'll be at AppWorld 2026

RDP Webtop deployment

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Single LTM with multiple GTM domains

Related Content

SSL Profiles Part 4: Cipher Suites

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

Cipher Suite Practices and Pitfalls

Remove alerts showing r-series LCD/Dashboard.

Python script to print report of VIPs, corresponding profiles, SSL profile cipher strings and full cipher list

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS