What could be the Cipher String to add 3DES Cipher to SSL Profile ?

Question

I want to add 3DES Cipher.&nbsp;
Is it good to use default:sslv3 or DEFAULT:SSLV3:+3DES or DEFAULT:3DES. Please Suggest.&nbsp;

samir_jha_52506 · Answer

DES and 3DES comes under BulkCrypto and its already added with DEFAULT(NATIVE) cipher but you can't add 3DES cipher alone. i believe, will come with the combination of example: RSA+3DES, ECDHE+3DES, etc. 
Did you tried DEFAULT:+3DES ?
Confirm the F5 version and purpose to use?

jg · Answer

3DES is no longer included in "DEAULT" on v13.1, unlike v11.6.3. It is still listed in 'NATIVE', though:
 tmm --clientciphers 'NATIVE' | grep CBC3
98: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1    Native  DES       SHA     ECDHE_RSA 
99: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.1  Native  DES       SHA     ECDHE_RSA 
100: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.2  Native  DES       SHA     ECDHE_RSA 
101: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1    Native  DES       SHA     ECDH_RSA  
102: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.1  Native  DES       SHA     ECDH_RSA  
103: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.2  Native  DES       SHA     ECDH_RSA  
104:    10  DES-CBC3-SHA                     168  TLS1    Native  DES       SHA     RSA       
105:    10  DES-CBC3-SHA                     168  TLS1.1  Native  DES       SHA     RSA       
106:    10  DES-CBC3-SHA                     168  TLS1.2  Native  DES       SHA     RSA       
107:    10  DES-CBC3-SHA                     168  DTLS1   Native  DES       SHA     RSA       
108: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1    Native  DES       SHA     ECDHE_ECDSA
109: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.1  Native  DES       SHA     ECDHE_ECDSA
110: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.2  Native  DES       SHA     ECDHE_ECDSA
111: 49155  ECDH-ECDSA-DES-CBC3-SHA          168  TLS1    Native  DES       SHA     ECDH_ECDSA
112: 49155  ECDH-ECDSA-DES-CBC3-SHA          168  TLS1.1  Native  DES       SHA     ECDH_ECDSA
113: 49155  ECDH-ECDSA-DES-CBC3-SHA          168  TLS1.2  Native  DES       SHA     ECDH_ECDSA
114:    22  DHE-RSA-DES-CBC3-SHA             168  TLS1    Native  DES       SHA     EDH/RSA   
115:    22  DHE-RSA-DES-CBC3-SHA             168  TLS1.1  Native  DES       SHA     EDH/RSA   
116:    22  DHE-RSA-DES-CBC3-SHA             168  TLS1.2  Native  DES       SHA     EDH/RSA   
117:    22  DHE-RSA-DES-CBC3-SHA             168  DTLS1   Native  DES       SHA     EDH/RSA   
118:    27  ADH-DES-CBC3-SHA                 168  TLS1    Native  DES       SHA     ADH

Try this:
 tmm --clientciphers 'DEFAULT:ECDH-RSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA' | grep CBC3
56: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1    Native  DES       SHA     ECDH_RSA  
57: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.1  Native  DES       SHA     ECDH_RSA  
58: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.2  Native  DES       SHA     ECDH_RSA  
59: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1    Native  DES       SHA     ECDHE_RSA 
60: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.1  Native  DES       SHA     ECDHE_RSA 
61: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.2  Native  DES       SHA     ECDHE_RSA 
62: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1    Native  DES       SHA     ECDHE_ECDSA
63: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.1  Native  DES       SHA     ECDHE_ECDSA
64: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.2  Native  DES       SHA     ECDHE_ECDSA

Forum Discussion

What could be the Cipher String to add 3DES Cipher to SSL Profile ?

2 Replies

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

Python script to print report of VIPs, corresponding profiles, SSL profile cipher strings and full cipher list

SSL Profiles Part 4: Cipher Suites

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

Cipher Suite Practices and Pitfalls

Intermediate iRules: Handling Strings

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS