Forum Discussion
RayThomsen_7557
Nimbostratus
NimbostratusSOL15882
I don't understand the suggested change on this page
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
for updating ssl profiles on LTMs. Specifically for BIG-IP 10.x - 11.4.1 how is:
!SSLv3:RC4-SHA
Any different from
!SSLv3
without the bang, you are enabling, but if it's not excluded it is enabled, right? I assume I'm missing something, but I can't figure out what it is.
2 Replies
DevBabuCirrus
so here what I get, on my 11.4.1 LTM box tmm --clientciphers '!SSLv3' ID SUITE BITS PROT METHOD CIPHER MAC KEYX No ciphers listed. Here you are disabling sslv3 and no any other ciphers/protocols provided. tmm --clientciphers '!SSLv3:RC4-SHA' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA 1: 5 RC4-SHA 128 TLS1.1 Native RC4 SHA RSA 2: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA So the List has RC4 SHA without SSLv3.
natheCirrocumulus
This means disable sslv3, as in the 2nd example but only allow rc4-sha ciphers. That's the difference. !sslv3 on its own would allow AES ciphers and more, as an example.
N
