Cipher Suite Practices and Pitfalls

Cipher Suite Practices and Pitfalls It seems like every time you turn around there is a new vulnerability to deal with, and some of them, such as Sweet32, have required altering cipher configurati...
Updated Jun 06, 2023
Version 3.0
BIG-IP
dcsecurity17
f5 sirt
security
TMOS
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Feb 26, 2019

There's another article that might be helpful: https://support.f5.com/csp/article/K31320003

 

As for this specific situation, can you do look at the traffic? Specifically look at the ClientHello coming from Firefox, as that will contain a list of the cipher suites that the browser is offering to support. Make sure there is at least one cipher suite shared between FF and what the BIG-IP is offering.

 

You can see what the BIG-IP will support with 'tmm --clientciphers [your cipher suite config]'