Forum Discussion
smp_86112
Apr 28, 2014 Cirrostratus
Server SSL Profile ciphers
I'm using the following Ciphers string in a server SSL profile on my 11.4.1HF3 LTM:
DEFAULT:-TLSv1_1:-TLSv1_2
The resulting ciphers list is this:
Active:Changes Pending] ~ tmm --serve...
nitass
Apr 28, 2014 Employee
This is mine.
config
[root@B5200-R78-S13:Active:Standalone] config tmsh show sys version|head
Sys::Version
Main Package
  Product  BIG-IP
  Version  11.4.1
  Build    637.0
  Edition  Hotfix HF3
  Date     Fri Jan 17 13:32:07 PST 2014
Hotfix List
[root@B5200-R78-S13:Active:Standalone] config tmsh
root@(B5200-R78-S13)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 101.101.101.173:https
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        clientssl {
            context clientside
        }
        myserverssl {
            context serverside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 2
}
root@(B5200-R78-S13)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:https {
            address 200.200.200.101
        }
    }
}
root@(B5200-R78-S13)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile server-ssl myserverssl
ltm profile server-ssl myserverssl {
    app-service none
    ciphers DEFAULT:-TLSv1_1:-TLSv1_2
}
cipher
[root@B5200-R78-S13:Active:Standalone] config tmm --serverciphers "DEFAULT:-TLSv1_1:-TLSv1_2"
        ID  SUITE                     BITS  PROT   METHOD  CIPHER  MAC  KEYX
  0:     5  RC4-SHA                    128  SSL3   Native  RC4     SHA  RSA
  1:     5  RC4-SHA                    128  TLS1   Native  RC4     SHA  RSA
  2:    47  AES128-SHA                 128  SSL3   Native  AES     SHA  RSA
  3:    47  AES128-SHA                 128  TLS1   Native  AES     SHA  RSA
  4:    47  AES128-SHA                 128  DTLS1  Native  AES     SHA  RSA
  5:    53  AES256-SHA                 256  SSL3   Native  AES     SHA  RSA
  6:    53  AES256-SHA                 256  TLS1   Native  AES     SHA  RSA
  7:    53  AES256-SHA                 256  DTLS1  Native  AES     SHA  RSA
  8:    10  DES-CBC3-SHA               192  SSL3   Native  DES     SHA  RSA
  9:    10  DES-CBC3-SHA               192  TLS1   Native  DES     SHA  RSA
 10:    10  DES-CBC3-SHA               192  DTLS1  Native  DES     SHA  RSA
 11: 49171  ECDHE-RSA-AES128-CBC-SHA   128  TLS1   Native  AES     SHA  ECDHE_RSA
 12: 49172  ECDHE-RSA-AES256-CBC-SHA   256  TLS1   Native  AES     SHA  ECDHE_RSA
 13: 49170  ECDHE-RSA-DES-CBC3-SHA     192  TLS1   Native  DES     SHA  ECDHE_RSA
trace
New TCP connection 2: 200.200.200.172(57026) <-> 200.200.200.101(443)
2 1 1398708282.8530 (0.0016) C>SV3.1(75) Handshake
      ClientHello
        Version 3.1
        random[32]=
          f8 9c 48 5c 7b e5 2b 6e 83 04 87 be 32 6c f7 c7
          42 fe b8 3c d9 8f ee 56 b5 bd 70 48 1f 37 50 56
        cipher suites
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc013
        Unknown value 0xc014
        Unknown value 0xc012
        Unknown value 0xff
        compression methods
          NULL
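Added example (not part of the post above and not F5 tooling): a Python cross-check that resolves the `Unknown value` code points in the ssldump ClientHello against the ID column of the `tmm --serverciphers` listing and confirms the BIG-IP offered exactly the configured TLS1 suites, in order. The function names are made up for illustration, and 0xff is treated as the RFC 5746 renegotiation signalling value rather than a cipher.

```python
import re

# Sample input copied from the post above: every TLS1 row plus one SSL3 and one DTLS1 row.
TMM_ROWS = """\
0: 5 RC4-SHA 128 SSL3 Native RC4 SHA RSA
1: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
3: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
4: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
6: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
9: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
11: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
12: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
13: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
"""
HELLO_SUITES = """\
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc013
Unknown value 0xc014
Unknown value 0xc012
Unknown value 0xff
"""
# IANA code points for the suite names ssldump did decode in this trace.
IANA = {"TLS_RSA_WITH_RC4_128_SHA": 0x05, "TLS_RSA_WITH_AES_128_CBC_SHA": 0x2F,
        "TLS_RSA_WITH_AES_256_CBC_SHA": 0x35, "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x0A}
SCSV = 0xFF  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746): a signal, not a cipher

def configured(rows, prot="TLS1"):
    """Ordered {id: suite name} for one PROT value of the tmm listing."""
    found = (re.match(r"\s*\d+:\s+(\d+)\s+(\S+)\s+\d+\s+(\S+)", l) for l in rows.splitlines())
    return {int(m[1]): m[2] for m in found if m and m[3] == prot}

def offered(hello):
    """Ordered code points from the 'cipher suites' lines of an ssldump ClientHello."""
    ids = []
    for line in filter(None, map(str.strip, hello.splitlines())):
        m = re.fullmatch(r"Unknown value (0x[0-9a-fA-F]+)", line)
        ids.append(int(m[1], 16) if m else IANA[line])
    return ids

def compare(rows, hello, prot="TLS1"):
    cfg = configured(rows, prot)
    ids = [i for i in offered(hello) if i != SCSV]
    return {"resolved": [cfg.get(i, hex(i)) for i in ids],
            "unexpected": [i for i in ids if i not in cfg],
            "missing": [i for i in cfg if i not in ids],
            "same_order": ids == list(cfg)}
```

An empty `unexpected` and `missing` with `same_order` true means the server-side ClientHello matches the profile's cipher string; the three ECDHE-RSA suites are the ones ssldump printed as unknown.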