For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

aboulleill_3013's avatar
aboulleill_3013
Icon for Nimbostratus rankNimbostratus
Dec 08, 2017

stop cipher TLS_DH_anon_WITH_AES_128_GCM_SHA256

Dears,   Please advise how can I stop this cipher from SSL profile Im not using default instead im using only 'TLSv1_2'   Thanks  
application delivery
BIG-IP
LTM
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
Dec 10, 2017

why do you use just TLSv1_2? there are quite some very bad ones in that one group op ciphers next to the two anonymous ones.

 

DEFAULT on itself is much better, there you can then exclude TLS_1 and TLS1_1 if you want to have only TLS1.2.

 

but if you really want TLSv1_2 without those two do: 'TLSv1_2:!ADH'

 

PS: three questions about pretty much the same issue is kinda a lot, i think you can delete two of them.