SSL profile. Ciphers

Question

Hi All,&nbsp;
can i enable only one cipher in ssl profile not whole family? For example RSA-AES-256-CBC-SHA not RSA+AES.&nbsp;
regards&nbsp;

kevin_stewart · Answer

Of course. Just use the following string in the client SSL profile Ciphers box:
'!SSLv3:AES256-SHA'

It's worth noting here that most SSL stacks will arbitrarily remove portions of what are considered "default" ciphers if they're included in the cipher string. The general rule is:

If the key exchange is RSA, do not include RSA in the cipher string

If the block cipher mode is CBC, do not include CBC in the cipher string

That then leaves you with AES256-SHA, but that alone is possible in SSLv3 and all of the TLS versions, so we also want to remove SSLv3.

b_seweryn_15157 · Answer

well, currently it looks like that (check attachment) if add this line to cipher lists. On the left with your proposal on the left my current one.
can i enable only this one: RSA-AES-256-CBC-SHA ??&nbsp;

Forum Discussion

SSL profile. Ciphers

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

SSL Profiles Part 4: Cipher Suites

SSL Profiles Part 6: SSL Renegotiation

SSL Profiles Part 5: SSL Options

SSL Profiles Part 8: Client Authentication

SSL Profile Cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS