Weak Ciphers - BigIP 11.5.4

Question

Hello Everyone,&nbsp;
I have BIG-IP 11.5.4 in production and below Ciphers for SSL profile:&nbsp;
DEFAULT:!RC4:!3DES&nbsp;
There are some open weak ciphers when I scan.&nbsp;
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)&nbsp;
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)&nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)&nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)&nbsp;

Can someone please help me on this, let me know how to block these and if there are any ciphers then please share it?&nbsp;

ajaz_ahmed_3671 · Answer

Anyhelp from F5 experts.&nbsp;

samir_jha_52506 · Answer

If you have only problem with above mentioned weak cipher then use below. 
Validate these cipher in non-prod environment then go for prod. 
    DEFAULT:!RC4:!3DES:!AES256-SHA256:!AES256-SHA:!AES128-SHA256:!AES128-SHA:@STRENGTH

Update us if any issue. Happy to help.

ajaz_ahmed_3671 · Answer

Hey, thanks for your help. I'll validate the given cipher and update here.&nbsp;

Forum Discussion

Weak Ciphers - BigIP 11.5.4

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

Re: BigIP Report

Cipher Suite Practices and Pitfalls

BigIP Report Old

LTM Cipher rule

Disabling Weak Ciphers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS