Forum Discussion
Danny_Cabrera_3
Nimbostratus
NimbostratusWeak Ciphers Supported
Hello, BIG IP F5 LTM 12.1.2, Hotfix-BIGIP-12.1.2.2.0.276-HF2
I have one ssl client profile with the following cipher:DEFAULT:!3DES:!DHE!TLSv1:!TLSv1_1
When I perform an SSL scan of the asso...
This is because you DH 1024 bit. big-ip does not support dhe 2048 due to some technical aspects of such type of ciphers. You can disable DHE and use ECDHE instead.
Are you sure you are connecting to big-ip directly? There is not RSA-DHE cipher listed on version 12.1.2 with cipher string you used.
tmm --clientciphers 'DEFAULT:!DHE:!TLSv1:!TLSv1_1:!3DES'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
1: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
2: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
5: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
6: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
7: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
8: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
9: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
10: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
11: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
12: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
13: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
