Forum Discussion

Cirrus

Feb 02, 2018

SSL Cipher tweaking

Hi, To be honest i do not completely understand how the cipher string is constructed, but I normally use this one, that used to give me grade A on ssllabs: !LOW:!SSLv2:!SSLv3:!MD5:!RC4+SHA:!EXPO...

Nimbostratus

Feb 02, 2018

If upgrading is not an option, I think you should change the cipher on your client profile. You could use this one:

'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256'

Keep in mind, assuming that your are using SSL offloading on the LB, ssllabs checks the connection to the load balancer (not to the real server.) So, if the server doesn't support AEAD, you can relax the ciphers on the server profile.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL Cipher tweaking

Recent Discussions

unable to question about getting hsl data to be formatted properly in splunk

question about getting hsl data to be formatted properly in splunk

Problem with lets encrypt and redirect after update

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

REST API to download License JSON report?

Related Content

Web UI Tweaks

WebUI Tweaks OLD

Help tweaking my iRule

Web UI Tweaks Chrome plugin

Cipher Suites Supported (12.1.5.3)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS