Weak Ciphers - BigIP 11.5.4

Question

Hello Everyone,&nbsp;
I have BIG-IP 11.5.4 in production and below Ciphers for SSL profile:&nbsp;
DEFAULT:!RC4:!3DES&nbsp;
There are some open weak ciphers when I scan.&nbsp;
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)&nbsp;
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)&nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)&nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)&nbsp;

Can someone please help me on this, let me know how to block these and if there are any ciphers then please share it?&nbsp;

ajaz_ahmed_3671 · Answer

Anyhelp from F5 experts.&nbsp;

samir_jha_52506 · Answer

If you have only problem with above mentioned weak cipher then use below. 
Validate these cipher in non-prod environment then go for prod. 
    DEFAULT:!RC4:!3DES:!AES256-SHA256:!AES256-SHA:!AES128-SHA256:!AES128-SHA:@STRENGTH

Update us if any issue. Happy to help.

ajaz_ahmed_3671 · Answer

Hey, thanks for your help. I'll validate the given cipher and update here.&nbsp;

Forum Discussion

Weak Ciphers - BigIP 11.5.4

3 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

Re: BigIP Report

Cipher Suite Practices and Pitfalls

BigIP Report Old

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

LTM Cipher rule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS