Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Cipher Suite error

VFB
Cirrus
Cirrus

‎24-Aug-2022 13:43

A server team provided the following ciphers used, but for some reason, I am unable to either create a rule or group for them. Any help would be appreciated

 

TLS-CHACHA20-POLY1305-SHA256
TLS-AES-256-GCM-SHA384
TLS-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

Labels:
0 Kudos
2 REPLIES 2

Kevin_Stewart
F5 Employee
F5 Employee

‎24-Aug-2022 22:16

It might be helpful to verify that the intention is to support TLS 1.2 and TLS 1.3 ciphers (or just TLS 1.3). The top three in your list are explicitly TLS 1.3. The following literal cipher string will produce exactly what's in your list:

 

tmm --clientciphers '!DTLSv1_2:TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;ECDHE-ECDSA-AES256-GCM-SHA384'

SUITE                                  PROT
TLS13-AES256-GCM-SHA384                TLS1.3
TLS13-AES128-GCM-SHA256                TLS1.3
TLS13-CHACHA20-POLY1305-SHA256         TLS1.3
ECDHE-ECDSA-CHACHA20-POLY1305-SHA256   TLS1.2
ECDHE-ECDSA-AES128-GCM-SHA256          TLS1.2
ECDHE-ECDSA-AES256-GCM-SHA384          TLS1.2

 

 

JRahm
Community Manager
Community Manager
In response to Kevin_Stewart

‎26-Aug-2022 10:27

If this answered your question @VFB, can you accept the solution so it will be more helpful to others who find this thread? Thank you!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos
Copyright © 2023 Khoros, LLC