Forum Discussion

Cirrus

May 21, 2019

Selecting non-CBC ciphers

Qualys downgraded CBC and so we are dealing with reports that these ciphers are weak. Like: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) WEAK So, all our app owners are asking how to a...

application delivery

LTM

Hamish

Cirrocumulus

May 22, 2019

You make a concious decision.

Do you wish to (insecurely) 'support' old insecure clients?
Or do you wish to be secure?

Seriously. This is an age old one that goes back to the early days of IE with 56-bit encryption. Then we inserted a redirect for anyone with bad encryption to a page saying update your browser. I'd probably recommend the same today.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Selecting non-CBC ciphers

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Why does SSLO not support ACTIVE-ACTIVE mode deployments？

Failed to set RDP launch token timeout

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

Related Content

Cipher Suite Practices and Pitfalls

Cipher Strength Pool Selection

LTM Cipher rule

Disabling Weak Ciphers

Disable below cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS