For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

chester_16314's avatar
chester_16314
Icon for Nimbostratus rankNimbostratus
Mar 09, 2012

SSL Profiles and Strength

Hoping this is the right group within which to pose this question.       When I view my ssl certificate summary in Chrome for instance, it says "your connection to xyz is encrypted with 128...
security
nitass's avatar
nitass
Icon for Employee rankEmployee
Mar 11, 2012
you can use @STRENGTH instead of @SPEED.

this is 10.2.3. 

[root@ve1023:Active] config  tmm --clientciphers '!SSLv2:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@SPEED'
     ID SUITE                          BITS  PROT  METHOD CIPHER MAC    KEYX
 0:   5 RC4-SHA                         128  SSL3  Native RC4    SHA    RSA
 1:   5 RC4-SHA                         128  TLS1  Native RC4    SHA    RSA
 2:   5 RC4-SHA                         128  TLS1.2  Native RC4    SHA    RSA
 3:  47 AES128-SHA                      128  SSL3  Native AES    SHA    RSA
 4:  47 AES128-SHA                      128  TLS1  Native AES    SHA    RSA
 5:  47 AES128-SHA                      128  TLS1.2  Native AES    SHA    RSA
 6:  47 AES128-SHA                      128  DTLS1  Native AES    SHA    RSA
 7:  53 AES256-SHA                      256  SSL3  Native AES    SHA    RSA
 8:  53 AES256-SHA                      256  TLS1  Native AES    SHA    RSA
 9:  53 AES256-SHA                      256  TLS1.2  Native AES    SHA    RSA
10:  53 AES256-SHA                      256  DTLS1  Native AES    SHA    RSA
11:  10 DES-CBC3-SHA                    192  SSL3  Native DES    SHA    RSA
12:  10 DES-CBC3-SHA                    192  TLS1  Native DES    SHA    RSA
13:  10 DES-CBC3-SHA                    192  TLS1.2  Native DES    SHA    RSA
14:  10 DES-CBC3-SHA                    192  DTLS1  Native DES    SHA    RSA
15:  60 AES128-SHA256                   128  TLS1.2  Native AES    SHA256 RSA
16:  61 AES256-SHA256                   256  TLS1.2  Native AES    SHA256 RSA

[root@ve1023:Active] config  tmm --clientciphers '!SSLv2:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@STRENGTH'
     ID SUITE                          BITS  PROT  METHOD CIPHER MAC    KEYX
 0:  53 AES256-SHA                      256  SSL3  Native AES    SHA    RSA
 1:  53 AES256-SHA                      256  TLS1  Native AES    SHA    RSA
 2:  53 AES256-SHA                      256  TLS1.2  Native AES    SHA    RSA
 3:  53 AES256-SHA                      256  DTLS1  Native AES    SHA    RSA
 4:  61 AES256-SHA256                   256  TLS1.2  Native AES    SHA256 RSA
 5:  10 DES-CBC3-SHA                    192  SSL3  Native DES    SHA    RSA
 6:  10 DES-CBC3-SHA                    192  TLS1  Native DES    SHA    RSA
 7:  10 DES-CBC3-SHA                    192  TLS1.2  Native DES    SHA    RSA
 8:  10 DES-CBC3-SHA                    192  DTLS1  Native DES    SHA    RSA
 9:   5 RC4-SHA                         128  SSL3  Native RC4    SHA    RSA
10:   5 RC4-SHA                         128  TLS1  Native RC4    SHA    RSA
11:   5 RC4-SHA                         128  TLS1.2  Native RC4    SHA    RSA
12:  47 AES128-SHA                      128  SSL3  Native AES    SHA    RSA
13:  47 AES128-SHA                      128  TLS1  Native AES    SHA    RSA
14:  47 AES128-SHA                      128  TLS1.2  Native AES    SHA    RSA
15:  47 AES128-SHA                      128  DTLS1  Native AES    SHA    RSA
16:  60 AES128-SHA256                   128  TLS1.2  Native AES    SHA256 RSA