Forum Discussion

SIP_354925's avatar
SIP_354925
Icon for Nimbostratus rankNimbostratus
Apr 03, 2018

Server SSL Profile

Can someone explain this in the server ssl profile properties. I thought that the BIG-IP was server cipher preference. So between the BIG-IP and server the BIG-IP is the client. But from the statemen...
ASM Advanced WAF
security
Kevin_K_51432's avatar
Kevin_K_51432
Historic F5 Account

Greetings,

 

I think the intent of this option is to cause BIG-IP to pause the client side SSL connection, handshake with the server, get the server's cipher and then negotiation with the client using that cipher. However, I don't believe this option works based on this article which probably needs an update:

 

https://support.f5.com/csp/article/K12390

 

Hope this is helpful!

 

Kevin

 

Kevin_K_51432's avatar
Kevin_K_51432
Historic F5 Account
Apr 04, 2018

Your welcome. I've requested an update for the article.

 

After digging in a bit more, I'd like to confirm that you were correct in your initial summary:

 

"I thought that the BIG-IP was server cipher preference"

 

So if this bug is fixed, either the option will be removed, or another possible option could be to move this into the enabled box of the SSL profile.

 

Kevin