Cipher Suite Practices and Pitfalls

Cipher Suite Practices and Pitfalls It seems like every time you turn around there is a new vulnerability to deal with, and some of them, such as Sweet32, have required altering cipher configurati...
Updated 3 years ago
Version 3.0
big-ip
dcsecurity17
f5 sirt
security
TMOS
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
7 years ago

I'm glad you found it useful. When you chain together keywords using '+' cipher suites must match all of the keywords, so that should be safe. As you see in the results you're getting cipher suites that are ECDHE, AES, AND TLSv1.2 only.

 

I would strongly encourage upgrading that 11.4.1 TMOS though - that's out of support and hasn't received any updates, including security patches, in quite a while. I'd look at going to something newer if possible - 11.5.7, 11.6.3.2, 12.1.3.6, etc.