Forum Discussion

Nimbostratus

Jun 21, 2017

Setting ciphers manually in BIG IP

I have BIG IP v 11.6.1 and need to manual set the ciphers. Here is the list of ciphers, in order, of what I want. I have been unable to make this happen. Can someone assist? Cipher | Suite (hex v...

Nimbostratus

Jun 21, 2017

F5 article on configuring ciphers: https://support.f5.com/csp/article/K13171

See the result of a string on a device via CLI bash with this command:

tmm --clientciphers ''

Example:

tmm --clientciphers 'NATIVE:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:!SSLv3:!TLSv1:!EXPORT:!DH:!ADH:!LOW:!MD5:!RC4:RSA+AES:RSA+3DES:@STRENGTH'

The "@STRENGTH" tells it to sort the ciphers by strength, strongest first.

Also see: F5 SSL Everywhere Recommended Practices

https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdf

Once you have a cipher string you want, add it to your SSL profile, sshd, or httpd.

SFiddy_313786
Nimbostratus
Jun 28, 2017
This is information I already was aware of. My problem is the getting the exact ciphers in the exact order as my original post. I haven't figured out that string and I have spent quite a bit of time formatting and testing. I am looking for assistance from someone who can show me.
P_K
Altostratus
Jun 28, 2017
what version of bigip is it?
LoyalSoldier_28
Nimbostratus
Jun 28, 2017
SFiddy,
¬†

Have you seen this article? Looks like it might help with what you are trying to do. https://devcentral.f5.com/s/feed/0D51T00006i7buMSAQ
¬†

Another article, that includes a example of testing them: https://devcentral.f5.com/s/articles/ssl-profiles-part-4-cipher-suites
¬†
SFiddy_313786
Nimbostratus
Jun 28, 2017
I am using 11.6.1