Strategy for updating large amount of SSL profiles associated with a single virtual server
I'm looking to shed some of the older ciphers that are a part of the DEFAULT cipher string in our SSL profiles. The problem is, we host quite a few SSL profiles (100+) with a single virtual server. I discovered that I'm unable to update a single profile that's applied to a virtual server that has others with a (then) mismatched security policy. The support article from F5 says that I will have to remove all of the client SSL profiles from the server, update them all, and then re-add them all back. (https://support.f5.com/csp/article/K04316654)
Is it possible that something like this could be scripted so that 1) I can reduce the amount of hand-work editing each of these individual profiles and 2) more importantly reduce the maintenance window that I'll inevitably need to schedule as removing the profiles will cause an interruption in my production web traffic.
Or any other angles to this that I'm not seeing that might make this a smoother adjustment?