Cipher Suite Practices and Pitfalls

Cipher Suite Practices and Pitfalls It seems like every time you turn around there is a new vulnerability to deal with, and some of them, such as Sweet32, have required altering cipher configurati...
Updated Jun 06, 2023
Version 3.0
BIG-IP
dcsecurity17
f5 sirt
security
TMOS
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Sep 10, 2018

I'm glad you found it useful. When you chain together keywords using '+' cipher suites must match all of the keywords, so that should be safe. As you see in the results you're getting cipher suites that are ECDHE, AES, AND TLSv1.2 only.

 

I would strongly encourage upgrading that 11.4.1 TMOS though - that's out of support and hasn't received any updates, including security patches, in quite a while. I'd look at going to something newer if possible - 11.5.7, 11.6.3.2, 12.1.3.6, etc.