For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

genseek_32178's avatar
genseek_32178
Icon for Nimbostratus rankNimbostratus
Feb 21, 2013

SSL Cipher String

Hi,   What is the procedure to change the cipher string from an existing one to a new one more stronger one? Can it be done via CLI on all https virtual servers? If yes, how, please mention the co...
basic
getting started
new to f5
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Feb 21, 2013
Spooky, I answered a very similar question a while back. I'll try and add the commands in later. It'll be pretty manual assuming all the VSs have a different profile assigned but if they are based on the default profile and rely on its cipher setting it could be a one liner in tmsh;

 

 

As for pre and post checks I'd suggest the following as a minimum (ideally from the CLI);

 

•-Check available disk, CPU and memory resources - make a note

 

•-Check the logs to make sure the device is stable and nothing that might affect your change is being reported

 

•-Check no one else is on the box

 

•-Save the config on and off box

 

•-Check connection levels to the VS in question - make a note

 

•-Check whatever other statistics etc. that you can in relation to the function/objects you are changing

 

•-Make sure you have a backout plan

 

•-If it's a HA setup, make sure the standby(s) are operational and the config is in sync

 

-Make the change

 

•-Compare everything you recorded pre-change with the post-change state/statistics

 

•-Check the logs

 

•-Test, test, test