Forum Discussion

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus

    3DES is no longer included in "DEAULT" on v13.1, unlike v11.6.3. It is still listed in 'NATIVE', though:

     tmm --clientciphers 'NATIVE' | grep CBC3
    98: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1    Native  DES       SHA     ECDHE_RSA 
    99: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.1  Native  DES       SHA     ECDHE_RSA 
    100: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.2  Native  DES       SHA     ECDHE_RSA 
    101: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1    Native  DES       SHA     ECDH_RSA  
    102: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.1  Native  DES       SHA     ECDH_RSA  
    103: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.2  Native  DES       SHA     ECDH_RSA  
    104:    10  DES-CBC3-SHA                     168  TLS1    Native  DES       SHA     RSA       
    105:    10  DES-CBC3-SHA                     168  TLS1.1  Native  DES       SHA     RSA       
    106:    10  DES-CBC3-SHA                     168  TLS1.2  Native  DES       SHA     RSA       
    107:    10  DES-CBC3-SHA                     168  DTLS1   Native  DES       SHA     RSA       
    108: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1    Native  DES       SHA     ECDHE_ECDSA
    109: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.1  Native  DES       SHA     ECDHE_ECDSA
    110: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.2  Native  DES       SHA     ECDHE_ECDSA
    111: 49155  ECDH-ECDSA-DES-CBC3-SHA          168  TLS1    Native  DES       SHA     ECDH_ECDSA
    112: 49155  ECDH-ECDSA-DES-CBC3-SHA          168  TLS1.1  Native  DES       SHA     ECDH_ECDSA
    113: 49155  ECDH-ECDSA-DES-CBC3-SHA          168  TLS1.2  Native  DES       SHA     ECDH_ECDSA
    114:    22  DHE-RSA-DES-CBC3-SHA             168  TLS1    Native  DES       SHA     EDH/RSA   
    115:    22  DHE-RSA-DES-CBC3-SHA             168  TLS1.1  Native  DES       SHA     EDH/RSA   
    116:    22  DHE-RSA-DES-CBC3-SHA             168  TLS1.2  Native  DES       SHA     EDH/RSA   
    117:    22  DHE-RSA-DES-CBC3-SHA             168  DTLS1   Native  DES       SHA     EDH/RSA   
    118:    27  ADH-DES-CBC3-SHA                 168  TLS1    Native  DES       SHA     ADH       
    

    Try this:

     tmm --clientciphers 'DEFAULT:ECDH-RSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA' | grep CBC3
    56: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1    Native  DES       SHA     ECDH_RSA  
    57: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.1  Native  DES       SHA     ECDH_RSA  
    58: 49165  ECDH-RSA-DES-CBC3-SHA            168  TLS1.2  Native  DES       SHA     ECDH_RSA  
    59: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1    Native  DES       SHA     ECDHE_RSA 
    60: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.1  Native  DES       SHA     ECDHE_RSA 
    61: 49170  ECDHE-RSA-DES-CBC3-SHA           168  TLS1.2  Native  DES       SHA     ECDHE_RSA 
    62: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1    Native  DES       SHA     ECDHE_ECDSA
    63: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.1  Native  DES       SHA     ECDHE_ECDSA
    64: 49160  ECDHE-ECDSA-DES-CBC3-SHA         168  TLS1.2  Native  DES       SHA     ECDHE_ECDSA
    
  • DES and 3DES comes under

    BulkCrypto
    and its already added with DEFAULT(NATIVE) cipher but you can't add
    3DES
    cipher alone. i believe, will come with the combination of example: RSA+3DES, ECDHE+3DES, etc.

    Did you tried

    DEFAULT:+3DES
    ?

    Confirm the F5 version and purpose to use?