Cipher Rules And Groups in BIG-IP v13
My mother used to always tell me two things before I left for school in the morning.
- Be wary of what ciphers your application supports
- Never use the Default cipher list unless you have compatibi...
Updated Jun 06, 2023
Version 2.0
Chase_Abbott
Employee
Joined September 17, 2008
dragonflymr
Jun 07, 2018
Cirrostratus
Hi,
I did the same test (13.1.0.6 on VE) as Chase and no live update :-(
Steps:
- Client SSL profile with cache disabled
- Group with only f5-ecc assigned
- Rule with only ECDHE:ECDHE_ECDSA created and assigned to Restrict in group
- nmap test - TLSv1.0, 1.1 and 1.2 ciphers listed
- Edited rule with :!TLSv1:!TLSv1_1
- nmap test - still ciphers for all protocols listed (but when checking in the group, no TLSv1.0 and 1.1 ciphers are present)
- Edited VS by changing client ssl profile to some other and then back to original
- nmap test - now only TLSv1.2 cipher listed.
Piotr
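
The check described in the steps above can be automated so that a stale profile is caught after a cipher rule edit. This is an added example, not part of the original comment: it assumes the "nmap test" is output from nmap's `ssl-enum-ciphers` script, and both sample outputs and the function names are constructed for illustration.

```python
import re

# Constructed samples shaped like `nmap --script ssl-enum-ciphers` output.
BEFORE_REATTACH = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
"""
AFTER_REATTACH = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
"""

PROTO = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[0-9.]+):\s*$")   # e.g. "|   TLSv1.2:"
CIPHER = re.compile(r"^\|[ _]+(TLS_[A-Z0-9_]+)\b")           # e.g. "|       TLS_..."

def offered(nmap_text):
    """Return {protocol: [cipher names]} parsed from ssl-enum-ciphers output."""
    result, current = {}, None
    for line in nmap_text.splitlines():
        if m := PROTO.match(line):
            current = m.group(1)
            result[current] = []
        elif current and (m := CIPHER.match(line)):
            result[current].append(m.group(1))
    return result

def unexpected_protocols(nmap_text, allowed=("TLSv1.2",)):
    """Protocols still offering a cipher although the rule should exclude them."""
    return sorted(p for p, c in offered(nmap_text).items() if c and p not in allowed)

if __name__ == "__main__":
    for label, text in (("before", BEFORE_REATTACH), ("after", AFTER_REATTACH)):
        print(label, unexpected_protocols(text) or "only allowed protocols offered")
```

Running the check against a fresh scan after every rule edit shows whether the listener still negotiates protocols that the group no longer lists.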