Forum Discussion
SFiddy_313786
Nimbostratus
NimbostratusSetting ciphers manually in BIG IP
I have BIG IP v 11.6.1 and need to manual set the ciphers. Here is the list of ciphers, in order, of what I want. I have been unable to make this happen. Can someone assist?
Cipher | Suite (hex v...
LoyalSoldier
Altostratus
AltostratusF5 article on configuring ciphers: https://support.f5.com/csp/article/K13171
See the result of a string on a device via CLI bash with this command:
tmm --clientciphers ''
Example:
tmm --clientciphers 'NATIVE:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:!SSLv3:!TLSv1:!EXPORT:!DH:!ADH:!LOW:!MD5:!RC4:RSA+AES:RSA+3DES:@STRENGTH'
The "@STRENGTH" tells it to sort the ciphers by strength, strongest first.
Also see: F5 SSL Everywhere Recommended Practices
https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdfOnce you have a cipher string you want, add it to your SSL profile, sshd, or httpd.
LoyalSoldierAltostratus
AltostratusSFiddy,
 
Have you seen this article? Looks like it might help with what you are trying to do. https://devcentral.f5.com/s/feed/0D51T00006i7buMSAQ
 
Another article, that includes a example of testing them: https://devcentral.f5.com/s/articles/ssl-profiles-part-4-cipher-suites
 
