SSL profile Cipher string

Question

I upgraded our LTM device from 12.1.2 to 13.1.1 and some of the default ciphers were removed which broke the handshake for some of our older clients. This is the cipher the client uses that worked in 12.1.2 (seen in wiresharKk) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA When I run tmm --clientciphers DEFAULT - on the 13.1.1 box I can see that is no longer in the defaults. when I run the same command on the 12.1.2 box I do see it (below)

   ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX

28: 10 DES-CBC3-SHA 168 TLS1 Native DES SHA RSA

My question is -how do I enter that as a cipher string in the SSL profile ? is it just DES or is it DES-CBC3-SHA I would test both but this in production so I can't keep flipping between the new and old code (active and standby) just to test. hopefully this is an easy answer but I couldn't find online anywhere telling exactly which string to use for which suite.

kevin_stewart · Answer

Try this:
tmm --clientciphers 'DEFAULT:3DES'

Forum Discussion

SSL profile Cipher string

Recent Discussions

F5 LTM listening on 3306

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

irule to enable http/2 acceleration

VS FORWARDING & ROUTE

Statistics ›› Analytics : HTTP : Overview

Related Content

Python script to print report of VIPs, corresponding profiles, SSL profile cipher strings and full cipher list

SSL Profiles Part 4: Cipher Suites

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

Cipher Suite Practices and Pitfalls

LTM Cipher rule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS