Forum Discussion

cebrerosrechie's avatar
cebrerosrechie
Icon for Nimbostratus rankNimbostratus
Oct 20, 2023

serverssl cipher suites

Hi,

Is there an easier way to know what are the cipher suites that the backend server (pool member) can support? I have read an article but it requires to create a script. I know there is openssl but this will only show the cipher that the backend server used to communicate back with F5.

So I was thinking like if from F5 perspective will it be able to perform an sslscan what are the available ciphers suites the backend server can support?

Thanks, and regards,

Rechie

  • The way the SSL Handshake works is that the client sends its supported ciphers and the server picks one of them, so to check what ciphers are supported by the server from a client point, you need to loop through an exhaustive list of ciphers one by one and try to connect to the server, this is why it needs to be scripted. I don't think F5 provides such script. If you can't use other options apart from F5 point, you can search for a bash, pythor or perl script to run from F5, but you will need to provide it with accurate list of ciphers. I would rather use other options as it's not the job of F5 to list server ciphers

  • cebrerosrechie I'm not sure what you are attempting to solve for here. Most if not all HTTPS server applications will have a document that tells you what the SSL ciphers supported based on the configuration you have in place, especially if you haven't modified the cipher suite from the default. As an example, the following link shows you where the SSL cipher suite is configured in apache.

    https://www.namecheap.com/support/knowledgebase/article.aspx/10100/38/cipher-suites-configuration-for-apache-nginx/