Forum Discussion
LoyalSoldier_28
Nimbostratus
F5 article on configuring ciphers: https://support.f5.com/csp/article/K13171
See the result of a string on a device via CLI bash with this command:
tmm --clientciphers ''
Example:
tmm --clientciphers 'NATIVE:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:!SSLv3:!TLSv1:!EXPORT:!DH:!ADH:!LOW:!MD5:!RC4:RSA+AES:RSA+3DES:@STRENGTH'
The "@STRENGTH" tells it to sort the ciphers by strength, strongest first.
Also see: F5 SSL Everywhere Recommended Practices
https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdfOnce you have a cipher string you want, add it to your SSL profile, sshd, or httpd.
LoyalSoldier_28
Jun 28, 2017Nimbostratus
SFiddy,
 
Have you seen this article? Looks like it might help with what you are trying to do. https://devcentral.f5.com/s/feed/0D51T00006i7buMSAQ
 
Another article, that includes a example of testing them: https://devcentral.f5.com/s/articles/ssl-profiles-part-4-cipher-suites