For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

lostmyspaceship

Icon for Nimbostratus rank

Nimbostratus

Nov 18, 2014

TLS 1.2 and PFS on 10.2.4

Hi guys, I have a problem enabling both TLS 1.2 and PFS on a 10.2.4 unit. Using the following string should do it in theory: COMPAT:+TLSv1_2:EDH:!MD5:!EXPORT:!ADH:!DES:!RC4:!SSLv3:@STRENGTH And t...

application delivery

BIG-IP Access Policy Manager (APM)

Ken_Schultz_525

Icon for Nimbostratus rank

Nimbostratus

Nov 18, 2014

So what does --clientciphers output for you with my suggested cipherstring?

lostmyspaceship
Nimbostratus
Nov 18, 2014
Nothing: tmm --clientcipher 'EDH:!SSLv3:!DES:@STRENGTH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX tmm --clientcipher 'EDH+TLSv1_2:EDH:!SSLv3:!DES:@STRENGTH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX
lostmyspaceship
Nimbostratus
Nov 18, 2014
And with COMPAT added it adds all the other stuff that isn't needed: g tmm --clientcipher 'COMPAT:EDH:!SSLv3:!DES:@STRENGTH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 58 ADH-AES256-SHA 256 TLS1 Compat AES SHA ADH 1: 58 ADH-AES256-SHA 256 TLS1.2 Compat AES SHA ADH 2: 58 ADH-AES256-SHA 256 DTLS1 Compat AES SHA ADH 3: 57 DHE-RSA-AES256-SHA 256 TLS1 Compat AES SHA EDH/RSA 4: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Compat AES SHA EDH/RSA 5: 57 DHE-RSA-AES256-SHA 256 DTLS1 Compat AES SHA EDH/RSA 6: 27 ADH-DES-CBC3-SHA 192 TLS1 Compat DES SHA ADH 7: 27 ADH-DES-CBC3-SHA 192 TLS1.2 Compat DES SHA ADH 8: 27 ADH-DES-CBC3-SHA 192 DTLS1 Compat DES SHA ADH 9: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1 Compat DES SHA EDH/RSA 10: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.2 Compat DES SHA EDH/RSA 11: 22 DHE-RSA-DES-CBC3-SHA 192 DTLS1 Compat DES SHA EDH/RSA 12: 0 DES-CBC3-MD5 192 SSL2 Compat DES MD5 RSA 13: 24 ADH-RC4-MD5 128 TLS1 Compat RC4 MD5 ADH 14: 24 ADH-RC4-MD5 128 TLS1.2 Compat RC4 MD5 ADH 15: 52 ADH-AES128-SHA 128 TLS1 Compat AES SHA ADH 16: 52 ADH-AES128-SHA 128 TLS1.2 Compat AES SHA ADH 17: 52 ADH-AES128-SHA 128 DTLS1 Compat AES SHA ADH 18: 51 DHE-RSA-AES128-SHA 128 TLS1 Compat AES SHA EDH/RSA 19: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Compat AES SHA EDH/RSA 20: 51 DHE-RSA-AES128-SHA 128 DTLS1 Compat AES SHA EDH/RSA 21: 0 RC4-MD5 128 SSL2 Compat RC4 MD5 RSA 22: 0 RC2-CBC-MD5 128 SSL2 Compat RC2 MD5 RSA 23: 0 RC4-64-MD5 64 SSL2 Compat RC4 MD5 RSA 24: 97 EXP1024-RC2-CBC-MD5 56 TLS1 Compat RC2 MD5 RSA 25: 97 EXP1024-RC2-CBC-MD5 56 TLS1.2 Compat RC2 MD5 RSA 26: 97 EXP1024-RC2-CBC-MD5 56 DTLS1 Compat RC2 MD5 RSA 27: 6 EXP-RC2-CBC-MD5 40 TLS1 Compat RC2 MD5 RSA 28: 6 EXP-RC2-CBC-MD5 40 TLS1.2 Compat RC2 MD5 RSA 29: 6 EXP-RC2-CBC-MD5 40 DTLS1 Compat RC2 MD5 RSA 30: 23 EXP-ADH-RC4-MD5 40 TLS1 Compat RC4 MD5 ADH 31: 23 EXP-ADH-RC4-MD5 40 TLS1.2 Compat RC4 MD5 ADH 32: 0 EXP-RC4-MD5 40 SSL2 Compat RC4 MD5 RSA 33: 0 EXP-RC2-CBC-MD5 40 SSL2 Compat RC2 MD5 RSA

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5