Cipher Rules And Groups in BIG-IP v13
Updated Jun 06, 2023
Version 2.0
Running v13.1.0.3.0.0.5 I created a benoit-test cipher group, benoit-test ssl profile, for my benoit-virtual. Changing cipher rules in the group did apply the update directly. I started with the default string and then restricted the group to ECC only. The change did update without having to mess with the SSL profile.
Second test was only updating the rule string. I created a benoit-test for a rule and used the ECDHE:ECDHE_ECDSA string. I got back 13 ciphers. I then added !TLSv1 and !TLSv1_1 to the rule list ONLY, no update to the cipher group. The updated rule list DID change the returned cipher list, narrowed down to 6 ciphers.
I am using the article's nmap ssl-enum-ciphers script to verify the change.
What version are you on?