F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Al_Faller_1969's avatar
Al_Faller_1969
Icon for Nimbostratus rankNimbostratus
Oct 22, 2014

SSL Cipher Order on LTM

Hi All -   With this whole POODLE thing, I'm reevaluating my cipher string. I am considering going with the DEFAULT setting that F5 provides (11.5.1), but I notice that it has the forward secrecy...
application delivery
ciphers
LTM
security
ssl
mimlo_61970's avatar
mimlo_61970
Icon for Cumulonimbus rankCumulonimbus
Oct 22, 2014

I can't say the reason for the default order, though it has seemed in the past F5 has preferred speed over encryption strength. I have switched to using my own lists on sites that I need the highest security on.

 

Also, I would drop RC4 completely. See https://support.f5.com/kb/en-us/solutions/public/14000/600/sol14638.html Even if you upgrade to 11.6 to mitigate this attack, most people tend to consider it broken and not advisable to use.