Forum Discussion
Eric_Brander_27
Nimbostratus
Apr 08, 2008
SSL Encryption Level
Thanks for clicking.
I've been notified via our auditors that our BIGIP LTM is allowing weak encryption. Yet I cannot for the life of me find where I can tell the LTM to only allow Medium o...
Michael_Yates
Nimbostratus
May 10, 2010
This was the recommended cipher that we found:
ALL:!SSLv2:!EXPORT40:!EXP:!LOW
You can get the feature explanations here: http://www.openssl.org/docs/apps/ciphers.html
If you want to see which of your Virtual Servers are accepting less than 128 bit ciphers you can apply this iRule that will list the Client IP Address and the Cipher strength (this should help you determine if there is a false positive):
when HTTP_REQUEST {
    # Log any client that negotiated a cipher weaker than 128 bits
    if { [SSL::cipher bits] < 128 } {
        log local0. "[IP::remote_addr] had cipher of [SSL::cipher bits]"
    }
}
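The entries this iRule logs can be tallied per client to show which addresses really negotiate sub-128-bit ciphers and how often. The script below is an added example, not part of the original post; the sample log lines are constructed, and the syslog prefix and the rule name `weak_cipher_log` are assumptions.

```python
import re
from collections import defaultdict

# Matches the message written by the iRule: "<client ip> had cipher of <bits>".
# Only the message part is matched, so the syslog prefix format does not matter.
# An optional %<id> route-domain suffix on the address is dropped.
WEAK_MSG = re.compile(
    r"(?P<ip>[0-9A-Fa-f:.]+)(?:%\d+)? had cipher of (?P<bits>\d+)"
)

# Constructed sample lines (not from a real system); prefix and rule name are assumed.
SAMPLE_LOG = """\
May 10 09:14:02 ltm1 info tmm[1234]: Rule weak_cipher_log <HTTP_REQUEST>: 192.0.2.10 had cipher of 40
May 10 09:14:03 ltm1 info tmm[1234]: Rule weak_cipher_log <HTTP_REQUEST>: 192.0.2.10 had cipher of 40
May 10 09:15:40 ltm1 info tmm[1234]: Rule weak_cipher_log <HTTP_REQUEST>: 198.51.100.7 had cipher of 56
May 10 09:16:11 ltm1 notice mcpd[999]: unrelated message that must be ignored
May 10 09:17:30 ltm1 info tmm[1234]: Rule weak_cipher_log <HTTP_REQUEST>: 192.0.2.10 had cipher of 56
"""


def summarize(lines, threshold=128):
    """Return {client_ip: {bits: request_count}} for entries below threshold."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = WEAK_MSG.search(line)
        if not m:
            continue  # not an entry from the iRule
        bits = int(m.group("bits"))
        if bits < threshold:
            seen[m.group("ip")][bits] += 1
    return {ip: dict(by_bits) for ip, by_bits in seen.items()}


def report(summary):
    """Rows of (weakest_bits, total_requests, ip, strengths), weakest first."""
    rows = [(min(b), sum(b.values()), ip, sorted(b)) for ip, b in summary.items()]
    rows.sort(key=lambda r: (r[0], -r[1], r[2]))
    return rows


if __name__ == "__main__":
    for weakest, total, ip, strengths in report(summarize(SAMPLE_LOG.splitlines())):
        print(f"{ip:<15} requests={total:<3} weakest={weakest:<3} seen={strengths}")
```

A client that appears here only once or twice, or only from the auditor's scanner address, is a candidate for the false positive mentioned above.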