Cipher Rules and Groups (v14.1.0.2)

Question

Has anyone noticed any issues with cipher rules and cipher groups in v14.1.0.2?
For example, in the user comments from the following article, it was mentioned that on v13, when making a modification to cipher rules that the changes did not propagate (from my testing on v14.1.0.2, this issue appears to have been fixed)
https://devcentral.f5.com/articles/cipher-rules-and-groups-in-big-ip-v13-25200
From what I understand, the use of a cipher group is required for TLS1.3 (client side). You cannot specify a cipher suite string on the client SSL profile when you have TLS1.3 enabled. Is this correct?
Thanks

kai_wilke · Answer

Hi Michael,
haven't played with TLS1.3 on 14.1. yet, but it would make me wonder if you can't use a tailordered cipher suite string in combination with TLS1.3 anymore.
Take a look to K10251520 (click me) to get the latest information regarding TLS1.3 support. The article outlines the steps required to enable TLS1.3 on a SSL profile as well as the TLS1.3 related Cipher String values TLS13-AES128-GCM-SHA256 , TLS13-AES256-GCM-SHA384 and TLS13-CHACHA20-POLY1305-SHA256 ...
 tmm --clientciphers ALL | grep TLS13

Cheers, Kai

Forum Discussion

Cipher Rules and Groups (v14.1.0.2)

1 Reply

Recent Discussions

no available managed rule groups for Israel il-central-1

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

Cipher Rules And Groups in BIG-IP v13

TMOS script for updating SSL profile cipher group and TLS versions

Cipher Suites Supported (12.1.5.3)

Certified Kubernetes Administrator - Study Group

LTM Cipher rule