Forum Discussion
NimbostratusSSL Profile Cipher
Noctilucentwhat i have done is to change the Chiper in SSL Profile from DEFAULT to TLS1_2:!DES just making sure that am moving to right bath .
you may check cipher suites using tmm --clientciphers command.
K15194: Overview of the BIG-IP SSL/TLS cipher suite
https://support.f5.com/csp/article/K15194
one more thing in client Authentication there is a client certificate option i need to know ignore option thats mean user can connect with any certificate not the certificate i made in profile or what am little lose in this point.
John has written excellent article regarding client authentication here.
SSL Profiles Part 8: Client Authentication by John Wagnon
https://devcentral.f5.com/articles/ssl-profiles-part-8-client-authentication
NimbostratusIndeed i have readed this article before i post but i wanted to make sure that i have understanded it in right way and make sure of my configuration . what i want to make sure that when i write in the cipher TLS1_2:!DES:!3DES will use only TLS1.2 protcol without DES or 3DES ciphers .
And am already read SSL Profiles Part 8: Client Authentication too before i post this but am in little lose about ignore function he said that it will ignore any certificate presented and will not authenticate the client before establishing the SSL session. thats mean that it as i didnt SSL profile at all and it will accept any certificate or what .
