For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Ogle_45372's avatar
John_Ogle_45372
Icon for Nimbostratus rankNimbostratus
Jun 12, 2009

SSL Client profile - OPTIONS question??

 

I have been experimenting with custom ClientSSL Profiles with minimal success. Can someone please tell me the syntax for forcing the LTM to allow connections only with this cipher suite:

 

 

TLS_RSA_WITH_RC4_128_MD5

 

 

I am assuming the correct syntax just needs to go in the options field or at least that's what I've been doing. I chose this one because this is what my browser connects at and it works but the custom app does not work.

 

 

Any help is fully appreciated.

 

 

Thank you,
config
design

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 15, 2009
    Take a look at SOL8802 and SOL7815 for details on the SSL cipher suites available:

     

     

    SOL8802: Overview of SSL ciphers supported in BIG-IP version 9.x

     

    https://support.f5.com/kb/en-us/solutions/public/8000/800/sol8802.html (Click here)

     

     

    SOL7815: Configuring the cipher strength for SSL profiles

     

    https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html (Click here)

     

     

    You may also want to handle non-compliant requests more gracefully by checking the cipher strength in an iRule

     

    http://devcentral.f5.com/Wiki/default.aspx/iRules/RedirectOnWeakEncryption.html (Click here)

     

     

    Aaron