Forum Discussion
LoyalSoldier
Altostratus
F5 article on configuring ciphers: https://support.f5.com/csp/article/K13171
See the result of a string on a device via CLI bash with this command:
tmm --clientciphers ''
Example:
tmm --clientciphers 'NATIVE:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:!SSLv3:!TLSv1:!EXPORT:!DH:!ADH:!LOW:!MD5:!RC4:RSA+AES:RSA+3DES:@STRENGTH'
The "@STRENGTH" tells it to sort the ciphers by strength, strongest first.
Also see: F5 SSL Everywhere Recommended Practices
https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdfOnce you have a cipher string you want, add it to your SSL profile, sshd, or httpd.
SFiddy_313786
Jun 28, 2017Nimbostratus
This is information I already was aware of. My problem is the getting the exact ciphers in the exact order as my original post. I haven't figured out that string and I have spent quite a bit of time formatting and testing. I am looking for assistance from someone who can show me.