For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Apr 26, 2014

Thanks for the detailed information, I'm sure many will find it useful.

If you want the order to be exactly what you want just use -ALL:ECDHE+AES256:ECDHE+AES128... as you suggest (that's -ALL:...). This avoids the need remove things with !.

I'm rather wary of SSLlabs myself and tend to double-check everything around ciphers using the 

openssl s_client
functionality. I had an Apache server that SSLlabs kept giving a C and claimed was supporting EXPORT, DES and others when I knew I'd configured it not to. OpenSSL proved I was right and SSLlabs were not.