Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Feb 27, 2018

Soft Disable Cipher but enable the following .....

I'm looking to soft disable RSA as the key exchange but enable the following cipher string,

TLS_RSA_WITH_AES_128_CBC_SHA256

I've tried -RSA:AES128-CBC-SHA256 and some various similar commands but the F5 doesnt seem to accept it.

Can anyone guide me please?

I've read the following but still cant get it to work using there examples https://devcentral.f5.com/articles/cipher-suite-practices-and-pitfalls-25564

application delivery

Anesh
Cirrostratus
Feb 27, 2018
If you want to remove cipher suites using RSA key Exchange, try below:

DEFAULT:!RSA
Anesh
Cirrostratus
Feb 28, 2018
Can you provide the output of the below commands

tmm --clientciphers '-RSA:AES128-SHA256'

and

tmm --clientciphers '-RSA:RSA+AES+SHA'

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming