Forum Discussion

Nimbostratus

May 20, 2016

SSL profile. Ciphers

Hi All, can i enable only one cipher in ssl profile not whole family? For example RSA-AES-256-CBC-SHA not RSA+AES. regards

LTM

security

Kevin_Stewart

Employee

May 20, 2016

Of course. Just use the following string in the client SSL profile Ciphers box:

'!SSLv3:AES256-SHA'

It's worth noting here that most SSL stacks will arbitrarily remove portions of what are considered "default" ciphers if they're included in the cipher string. The general rule is:

If the key exchange is RSA, do not include RSA in the cipher string
If the block cipher mode is CBC, do not include CBC in the cipher string

That then leaves you with AES256-SHA, but that alone is possible in SSLv3 and all of the TLS versions, so we also want to remove SSLv3.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL profile. Ciphers

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

SSL Profiles Part 4: Cipher Suites

SSL Profiles Part 6: SSL Renegotiation

SSL Profiles Part 5: SSL Options

SSL Profiles Part 8: Client Authentication

SSL Profile Cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS