For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Koalan's avatar
Koalan
Icon for Cirrus rankCirrus
Oct 01, 2019

Strong cipher suite

Hi we are testing a url on sslab test and the current setup on our f5 have these ciphers: DEFAULT:!SSLv2:!SSLv3:!TLSv1:!RSA:!ECDHE-RSA-AES256-CBC-SHA:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-DES-CBC3-...
cipher
LTM
security
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Oct 01, 2019

Hi Koalan,

tmm --clientciphers 'ECDHE+AES':

 0: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1   AES                 SHA     ECDHE_RSA
 1: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  AES                 SHA     ECDHE_RSA
 2: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  AES                 SHA     ECDHE_RSA
 3: 49171  ECDHE-RSA-AES128-CBC-SHA         128  DTLS1  AES                 SHA     ECDHE_RSA
 4: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  AES                 SHA256  ECDHE_RSA
 5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1   AES                 SHA     ECDHE_RSA
 6: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  AES                 SHA     ECDHE_RSA
 7: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  AES                 SHA     ECDHE_RSA
 8: 49172  ECDHE-RSA-AES256-CBC-SHA         256  DTLS1  AES                 SHA     ECDHE_RSA
 9: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  AES                 SHA384  ECDHE_RSA

You can add this:

!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256:

or use that:

DEFAULT:!SSLv2:!SSLv3:!TLSv1:!RSA:!ECDHE-RSA-DES-CBC3-SHA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:!ECDHE+AES:ECDHE+AES-GCM:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4