Cipher Rules And Groups in BIG-IP v13

My mother used to always tell me two things before I left for school in the morning. Be wary of what ciphers your application supports Never use the Default cipher list unless you have compatibi...

application delivery

Admin

I do stuff.

View Profile

dragonflymr

Cirrostratus

Jun 07, 2018

Hi,

I did the same test (13.1.0.6 on VE) as Chase and no live update :-(

Steps:

Client SSL profile with cache disbaled
Group with only f5-ecc assigned
Rule with only ECDHE:ECDHE_ECDSA created and assigned to Restrict in group
nmap test - TLSv1.0, 1.1 and 1.2 ciphers listed
Edited rule with :!TLSv1:!TLSv1_1
nmap test - still ciphers for all protocols listed (but when checking in group not TLSv1.0 and 1.1 ciphers present)
Edited VS by changing client ssl profile to some other and then back to original
nmap test - now only TLSv1.2 cipher listed.

Piotr

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Cipher Rules And Groups in BIG-IP v13

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS