Cipher Rules And Groups in BIG-IP v13
My mother used to always tell me two things before I left for school in the morning.
Be wary of what ciphers your application supports Never use the Default cipher list unless you have compatibi...
Updated Jun 06, 2023
Version 2.0
Chase_Abbott
Employee
Employee
Chase_AbbottEmployee
EmployeeGood point! 14.1.0.1+ for everything to properly support it (my screen shot was of v15 but it's the same as v14 so c'est la vie).
Your upgrade from 12 to 14.1.2 had a lot of security happenings between those versions and your experience was definitely odd. Were you using the default ServerSSL profile? My rule of thumb from experience (on version 10 when we tested the first Exchange 2010 iApp) was to create all new profiles and break inheritance for any potential impacting settings. That was something learned the hard way even with the developers 100 meters away.
Regarding the SSL Labs A grade, I like this idea and will explore it further with my team and possibly support. Given current BIG-IP releases are spaced farther apart than SSL Labs updates sometimes, we can either cover it in documentation and include maybe a cipher group config output or something. I like this idea though of reexamining our cipher groups and maybe naming better aligned to the suites contained within.
Good ideas all around and it would definitly make the features easier to understand and use!