SSL cipher order

Question

Hello guys,
I am looking for some info on how to change the order of SSL ciphers that the LTM can negotiate. More specifically, I'd like to have strong ciphers first, and have one weaker cipher in the end, hoping this cipher will be negotiated only when the client doesn't not support any of the stronger ciphers. I see that there is the option to order the ciphers by Speed, but I suppose this is the opposite of what I am looking for.
If I omit the @SPEED string, what is the cipher order? Can I perhaps order the cipher by specifying them consecutively one by one in the cipher string value field?&nbsp;
I searched through DevCentral and the AskF5 page, but could not find more info on this.&nbsp;

ccb · Answer

Hi,&nbsp;
https://devcentral.f5.com/articles/ssl-profiles-part-4-cipher-suites.U5rIoPmSy1k&nbsp;
It will give you an example of strength before speed using the openssl syntax. Hope that helps.&nbsp;

Forum Discussion

SSL cipher order

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

iRule Event Order Flowchart

SSL Profiles Part 4: Cipher Suites

Cipher Suite Practices and Pitfalls

Enforce Server Cipher proposal in preferred order

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS