cancel
Showing results for 
Search instead for 
Did you mean: 
David_Holmes_12
Historic F5 Account

John Hall, the fuzz-master at F5, put together this handy spreadsheet showing the SSL cipher suite support sets for F5 BIG-IP software releases over the years.

 

At the time of this writing, most BIG-IPs in the wild are somewhere between 11.2 and 11.4. But there are, and probably will always be, customers running versions as old as 10.2.4.

 

The green arrows indicate support in the NATIVE SSL stack. The NATIVE stack is F5’s custom SSL code. Most of the ciphers are offloaded to hardware when acceleration is available. Though some of them, such as the GCM suites, are only handled in software at this time.

 

The red arrows indicate support in the COMPAT stack. The COMPAT stack pulls in the OpenSSL processing code. Typically this is only used for legacy clients that can only talk to OpenSSL. These are few and far between and thus the COMPAT stack is very rarely seen in the wild (less than 1%).

 

Anyway, this is a handy eye-chart for research or provisioning for BIG-IP and SSL.
 

0EM1T000001M5D5.png

Comments
Chase_Abbott
F5 Employee
F5 Employee
This makes me so happy! Kudos to Mr. Hall.
Amit_Karnik_269
Nimbostratus
Nimbostratus
This is good stuff. If you also add how the "DEFAULT" cipher string has evolved across the versions, that will be awesome.
MegaZone
F5 SIRT
F5 SIRT
Amit: The DEFAULT ciphers by version are here: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html And if you want to know exactly what the 'DEFAULT' keyword decodes to internally, see: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html For a kind of index SOL to the other SSL/TLS SOLs: https://support.f5.com/kb/en-us/solutions/public/8000/800/sol8802.html
Version history
Last update:
‎06-May-2015 08:39
Updated by:
Contributors