SSL Key length changed after 11.6.0 upgrade

Question

Hi,
We recently upgraded from 11.4.1 to 11.6.0. Since then we have noticed an apparent drop in traffic in one of our monitoring tools, but this doesn't correlate to anywhere else.&nbsp;
After much digging around we have noticed that the majority of traffic is now using SHA256 ciphers, whereas all traffic was previously SHA128 encrypted. &nbsp;
We obviously need to work with our monitoring provider to upgrade their capabilities, but is there a way we can drop back down to SHA128, temporarily? I can't see any options under the SSH client profile.&nbsp;
Thanks, &nbsp;
Damian&nbsp;

damian_19221 · Answer

I've been digging around and found a matrix of all the supported versions of SSL for 11.x
Would updating my Cipher list in SSL Client profile as below work? This is just including the ciphers supported in 11.4. Again, this is temporarily until our monitoring provider can update their supported ciphers.
RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-CBC-SHA:DHE-RSA-DES-CBC3-SHA:AES128-SHA256:AES256-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:!SSLv3

https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html

Forum Discussion

SSL Key length changed after 11.6.0 upgrade

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP in https that redirect to another vip in https

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Unblock Request WAF

F5OS login with admin/root failed via console

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Related Content

Can't change sync type or failover after tenant upgrade.

SSL length key

Error post F5 upgrade

Upgrade F5 BIGIP

iHealth Upgrade Advisor: Making upgrades a little easier

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS