Cipher Suite Practices and Pitfalls

Cipher Suite Practices and Pitfalls It seems like every time you turn around there is a new vulnerability to deal with, and some of them, such as Sweet32, have required altering cipher configurati...
Updated Jun 06, 2023
Version 3.0
BIG-IP
dcsecurity17
f5 sirt
security
TMOS
Car4los_13384's avatar
Car4los_13384
Icon for Nimbostratus rankNimbostratus
Feb 25, 2019

Here is an oddity. Needed to get off TLSv1.0 on an LTM at 11.5 version. I googled around and found this: https://support.f5.com/csp/article/K13400ssl_p1, so I tried the recommended change. There were no errors reported by TMSH using the command shown in the article. However Firefox barfs with SSL_ERROR_NO_CYPHER_OVERLAP. Tweaking the settings in the about:config did not help. Chrome works, even Edge works. Has anyone else hit this issue? A test of the URL to the configuration utility shows: upported cipher suites (ORDER IS NOT SIGNIFICANT): TLSv1.2 RSA_WITH_AES_128_CBC_SHA256 RSA_WITH_AES_256_CBC_SHA256 DHE_RSA_WITH_AES_128_CBC_SHA256 DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

I'm not sure what Firefox is puzzled by.  Any thoughts?