Forum Discussion
mahnsc
Aug 08, 2018 Nimbostratus
Unexpected SSL Client Behavior
I have an SSL Client profile with a cipher list that is sorted by preferred cipher order:
AES256-SHA256:AES256-SHA:DES-CBC3-SHA:AES128-SHA256:AES128-SHA:CAMELLIA256-SHA:CAMELLIA128-SHA:DHE-RSA-AE...
Tyler_Shaw_9498
Aug 09, 2018 Historic F5 Account
The BIG-IP should always use the server cipher list as the sole authority on the order of chosen ciphers (https://support.f5.com/csp/article/K12390). Given that, I suspect that the clients are not offering up the stronger ciphers as available. If the clients are offering up the same client hello, the BIG-IP will choose the same way every time.
You can see the list of ciphers offered by the client in a packet capture by looking at the "Client Hello" packet in Wireshark. It will be the first packet after the TCP handshake is complete.
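Added example, not part of the original posts and not F5 code: it reads the cipher suite list from a raw ClientHello record, as you would from the capture, and applies server-order selection to it. The server order covers only the visible part of the truncated cipher string; the helper names and sample ClientHello bytes are constructed for illustration.

```python
import struct

# IANA code points for the RSA key-exchange suites visible in the profile's
# cipher string (OpenSSL-style names, as written in the post).
SUITES = {
    0x003D: "AES256-SHA256", 0x0035: "AES256-SHA", 0x000A: "DES-CBC3-SHA",
    0x003C: "AES128-SHA256", 0x002F: "AES128-SHA",
    0x0084: "CAMELLIA256-SHA", 0x0041: "CAMELLIA128-SHA",
}
# Server preference order: the visible part of the cipher string only.
SERVER_ORDER = ["AES256-SHA256", "AES256-SHA", "DES-CBC3-SHA", "AES128-SHA256",
                "AES128-SHA", "CAMELLIA256-SHA", "CAMELLIA128-SHA"]

def offered_ciphers(record: bytes) -> list[str]:
    """Return the cipher suites listed in one raw TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # skip session_id (1-byte length prefix)
    n = int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    if n == 0 or n % 2 or pos + n > len(record):
        raise ValueError("truncated or malformed cipher_suites vector")
    codes = struct.unpack_from(f"!{n // 2}H", record, pos)
    # Suites outside the table are reported by their hex code point.
    return [SUITES.get(c, f"0x{c:04X}") for c in codes]

def server_choice(offered: list[str], order=SERVER_ORDER):
    """First suite in the server's order that the client also offered."""
    return next((s for s in order if s in offered), None)

def sample_hello(codes: list[int]) -> bytes:
    """Constructed ClientHello (TLS 1.2, empty session_id, no extensions)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack(f"!H{len(codes)}H", 2 * len(codes), *codes) + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # Constructed clients: one offers AES256-SHA256, the other does not.
    for codes in ([0x002F, 0x0035, 0x003D], [0x002F, 0x000A, 0x0041]):
        offered = offered_ciphers(sample_hello(codes))
        print(offered, "->", server_choice(offered))
```

The second constructed client lists AES128-SHA first, yet the result is DES-CBC3-SHA, because only the server's order counts and 3DES sits above the AES128 suites in this cipher string.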