Forum Discussion

Koalan's avatar
Koalan
Icon for Cirrus rankCirrus
Oct 01, 2019

Strong cipher suite

Hi we are testing a url on sslab test and the current setup on our f5 have these ciphers: DEFAULT:!SSLv2:!SSLv3:!TLSv1:!RSA:!ECDHE-RSA-AES256-CBC-SHA:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-DES-CBC3-...
cipher
LTM
security
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Oct 01, 2019

Hi Koalan,

tmm --clientciphers 'ECDHE+AES':

 0: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1   AES                 SHA     ECDHE_RSA
 1: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  AES                 SHA     ECDHE_RSA
 2: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  AES                 SHA     ECDHE_RSA
 3: 49171  ECDHE-RSA-AES128-CBC-SHA         128  DTLS1  AES                 SHA     ECDHE_RSA
 4: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  AES                 SHA256  ECDHE_RSA
 5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1   AES                 SHA     ECDHE_RSA
 6: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  AES                 SHA     ECDHE_RSA
 7: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  AES                 SHA     ECDHE_RSA
 8: 49172  ECDHE-RSA-AES256-CBC-SHA         256  DTLS1  AES                 SHA     ECDHE_RSA
 9: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  AES                 SHA384  ECDHE_RSA

You can add this:

!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256:

or use that:

DEFAULT:!SSLv2:!SSLv3:!TLSv1:!RSA:!ECDHE-RSA-DES-CBC3-SHA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:!ECDHE+AES:ECDHE+AES-GCM:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4