Forum Discussion
AaronMLong_1021
Cirrus
CirrusTLS support in iRule editor
After updating my supported cipher/protocol list on the default clientssl profile on my BigIP LTM:
NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:!TLSv1:-RC4:@SPEED
I'm no longer able ...
Thanks, Kai & Mo. Any chance that better TLS support is going to show up in an upcoming update of the iRule editor? I can certainly use Fiddler to proxy it, but it does seem silly.
when using the cipher string you provided, the cipher used by default clientssl profile are below, doesn't contain TLS1.0. so it might be the cause. you could capture ssl session btw iRule Editor and the bigip to find out more info.
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
1: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
2: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
3: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA
4: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
6: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA
7: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA
8: 163 DHE-DSS-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 DHE/DSS
9: 106 DHE-DSS-AES256-SHA256 256 TLS1.2 Native AES SHA256 DHE/DSS
10: 56 DHE-DSS-AES256-SHA 256 TLS1.1 Native AES SHA DHE/DSS
11: 56 DHE-DSS-AES256-SHA 256 TLS1.2 Native AES SHA DHE/DSS
12: 56 DHE-DSS-AES256-SHA 256 DTLS1 Native AES SHA DHE/DSS
13: 49202 ECDH-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDH_RSA
14: 49198 ECDH-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDH_ECDSA
15: 49194 ECDH-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDH_RSA
16: 49190 ECDH-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDH_ECDSA
17: 49167 ECDH-RSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDH_RSA
18: 49167 ECDH-RSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDH_RSA
19: 49157 ECDH-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDH_ECDSA
20: 49157 ECDH-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDH_ECDSA
21: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
22: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
23: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
24: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
25: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
26: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.1 Native DES SHA ECDHE_RSA
27: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.2 Native DES SHA ECDHE_RSA
28: 49160 ECDHE-ECDSA-DES-CBC3-SHA 168 TLS1.1 Native DES SHA ECDHE_ECDSA
29: 49160 ECDHE-ECDSA-DES-CBC3-SHA 168 TLS1.2 Native DES SHA ECDHE_ECDSA
30: 49165 ECDH-RSA-DES-CBC3-SHA 168 TLS1.1 Native DES SHA ECDH_RSA
31: 49165 ECDH-RSA-DES-CBC3-SHA 168 TLS1.2 Native DES SHA ECDH_RSA
32: 49155 ECDH-ECDSA-DES-CBC3-SHA 168 TLS1.1 Native DES SHA ECDH_ECDSA
33: 49155 ECDH-ECDSA-DES-CBC3-SHA 168 TLS1.2 Native DES SHA ECDH_ECDSA
34: 10 DES-CBC3-SHA 168 TLS1.1 Native DES SHA RSA
35: 10 DES-CBC3-SHA 168 TLS1.2 Native DES SHA RSA
36: 10 DES-CBC3-SHA 168 DTLS1 Native DES SHA RSA
37: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
38: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
39: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
40: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
41: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
42: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
43: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDHE_ECDSA
44: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA
45: 162 DHE-DSS-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 DHE/DSS
46: 64 DHE-DSS-AES128-SHA256 128 TLS1.2 Native AES SHA256 DHE/DSS
47: 50 DHE-DSS-AES128-SHA 128 TLS1.1 Native AES SHA DHE/DSS
48: 50 DHE-DSS-AES128-SHA 128 TLS1.2 Native AES SHA DHE/DSS
49: 50 DHE-DSS-AES128-SHA 128 DTLS1 Native AES SHA DHE/DSS
50: 49201 ECDH-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDH_RSA
51: 49197 ECDH-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDH_ECDSA
52: 49193 ECDH-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDH_RSA
53: 49189 ECDH-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDH_ECDSA
54: 49166 ECDH-RSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDH_RSA
55: 49166 ECDH-RSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDH_RSA
56: 49156 ECDH-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDH_ECDSA
57: 49156 ECDH-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDH_ECDSA
58: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
59: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
60: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
61: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
62: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
63: 135 DHE-DSS-CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA DHE/DSS
64: 135 DHE-DSS-CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA DHE/DSS
65: 132 CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA RSA
66: 132 CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA RSA
67: 68 DHE-DSS-CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA DHE/DSS
68: 68 DHE-DSS-CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA DHE/DSS
69: 65 CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA RSA
70: 65 CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA RSA