Removing RCS-SHA

Question

I was looking at RC4 vulnerability and looking at default ciphers below it has RC4-SHA. I  was reading in dev central if I do below command this cipher would remove RS=C4. Are there any risk of change from default and remove it if command is correct?&nbsp;
Cipher
 NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:!RC4-SHA:@SPEED 
Command
[cfranklin@LEW3900-LBCore-B:Active:In Sync] ~  tmm  --clientciphers 'DEFAULT'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC                               KEYX
0:     5  RC4-SHA                          128  SSL3    Native  RC4     &nbsp;

boneyard · Answer

not sure what you mean with command, is that tmm --clientciphers ? that command only shows which ciphers would be used for a certain cipher string. it doesn't apply anything or such.&nbsp;
if you want to use a specific cipher string then you use it on the ssl profile. the one you show does indeed not use the RC4 one. it does add a whole lot of ciphers compared to the DEFAULT one. some of which you might not want.&nbsp;
if you just want to exclude RC4 you could also do 'DEFAULT:!RC4', in the newer versions this gives quite a safe set.&nbsp;
the risk is that there might be clients that only want to do RC4 and then their connections would fail.&nbsp;

Forum Discussion

Removing RCS-SHA

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Maintenance page / local website that includes subfolders

AWS F5_OWASP Managed Rule Blocking requests

AST Configuration help

rSeries Configuration Backup

Questions on Migrating configs from iSeries to RSeries F5s

Related Content

Remove alerts showing r-series LCD/Dashboard.

Remove Quotation marks

remove www

Removal Cookies on Client Browser

CVE-2014-3566: Removing SSLv3 from BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS