For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SFiddy_313786's avatar
SFiddy_313786
Icon for Nimbostratus rankNimbostratus
Jun 21, 2017

Setting ciphers manually in BIG IP

I have BIG IP v 11.6.1 and need to manual set the ciphers. Here is the list of ciphers, in order, of what I want. I have been unable to make this happen. Can someone assist?   Cipher | Suite (hex v...
BIG-IP
devops
security
LoyalSoldier's avatar
LoyalSoldier
Icon for Altostratus rankAltostratus
Jun 21, 2017

F5 article on configuring ciphers: https://support.f5.com/csp/article/K13171

See the result of a string on a device via CLI bash with this command:

tmm --clientciphers ''

Example:

tmm --clientciphers 'NATIVE:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:!SSLv3:!TLSv1:!EXPORT:!DH:!ADH:!LOW:!MD5:!RC4:RSA+AES:RSA+3DES:@STRENGTH'

The "@STRENGTH" tells it to sort the ciphers by strength, strongest first.

Also see: F5 SSL Everywhere Recommended Practices

https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdf

Once you have a cipher string you want, add it to your SSL profile, sshd, or httpd.

P_K's avatar
P_K
Icon for Altostratus rankAltostratus
Jun 28, 2017

what version of bigip is it?