Forum Discussion

Cirrus

May 21, 2019

Selecting non-CBC ciphers

Qualys downgraded CBC and so we are dealing with reports that these ciphers are weak. Like: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) WEAK So, all our app owners are asking how to a...

application delivery

LTM

Hamish

Cirrocumulus

May 22, 2019

You make a concious decision.

Do you wish to (insecurely) 'support' old insecure clients?
Or do you wish to be secure?

Seriously. This is an age old one that goes back to the early days of IE with 56-bit encryption. Then we inserted a redirect for anyone with bad encryption to a page saying update your browser. I'd probably recommend the same today.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Selecting non-CBC ciphers

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Why I could not post a comment

Priority Group Activation is not working

F5 Config - API Access on servers

iRule Approach to Mask Authorization Header for Bot Defense Logging – Validation Needed

F5 Device Management Certificate renewal

Related Content

Cipher Suite Practices and Pitfalls

Cipher Strength Pool Selection

LTM Cipher rule

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

Disable below cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS