Forum Discussion

Danny_Arroyo's avatar
Danny_Arroyo
Icon for Cirrus rankCirrus
Apr 19, 2018

Enabling "Honor Cipher Order" on F5 LTM v12.X

Our SSL sites are receiving F's on ssllabs. The main reason is that we are vulnerable to the ROBOT vulnerability (We are upgrading from 12.1.1 to 12.1.3.4 tonight).

 

However another issue we are having is that the weak ciphers are closer to the top of the cipher list than the strong ciphers. This is the SSLlabs output:

 

TLS 1.2 (suites in server-preferred order)

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK128 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits FS WEAK128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits FS WEAK128 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK112 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK256 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK128 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK256 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK256 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK128 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK112 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp384r1 (eq. 7680 bits RSA) FS128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp384r1 (eq. 7680 bits RSA) FS128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp384r1 (eq. 7680 bits RSA) FS128 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK112

 

We would like to start using this list of ciphers in order:

 

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

 

From what I have read so far, the F5 respects Cipher order from left to right and we need to use the shortnames to specify the ciphers.

 

Questions: (Any help is appreciated) 1. Do I change the ciphers in the default ssl_client profile? or do I change the ciphers in the DEFAULT cipher list? 2. How do I setup my list of cipher shortnames from the list above so that the F5 will use the correct ciphers in order? As a test I used "AES-GCM:AES:DES:!SSLV2:!SSLV3" in one of my VS ssl_client_profiles, but that didn't work. The cipher list on the bottom of ssllabs report was not in the correct order.

 

application delivery
BIG-IP
LTM
security

10 Replies

Sort By
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Apr 21, 2018

    i would never change something in the build in default profiles. create your own default and use that as a parent for the others.

     

    as for working with client ciphers did you look at:

     

    https://support.f5.com/csp/article/K17370

     

    https://devcentral.f5.com/articles/ssl-profiles-part-4-cipher-suites

     

    i would use the mentioned tmm command to determine the names you want to combine those together.

     

    never worked with this but it an attempt to make it easier, although not in 12 sorry

     

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-custom-cipher-ssl-negotiation-configuration-13-0-0/1.html

     

  • Danny_Arroyo's avatar
    Danny_Arroyo
    Icon for Cirrus rankCirrus
    Apr 23, 2018

    Thanks for the information Boneyard. I did read through those links before opening this discussion. However, I'm still not clear on how to create my own cipher suite.

     

    I am looking to create a custom "DEFAULT" cipher suite, lets say "MYDEFAULT". So that I can use it in all my client and/or ssl Profiles.

     

    Does anyone have any information on how to do this?

     

    Or how can I add the following ciphers to a client ssl profile while keeping the order:

     

    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

     

    Any Help is appreciated

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Apr 23, 2018

    not quite sure why those articles don't help, they explain it, pretty extensive in my opinion.

     

    you don't create a DEFAULT or MYDEFAULT, the DEFAULT is a build in set. you are able to manipulate the selection by putting certain sets there like HIGH or RC4 or DCE. with the !RC4 for example you negate a selection.

     

    but next to the sets you can also select the specific ciphers. just put the name in the Cipher field, for example "DHE-RSA-AES256-GCM-SHA384:AES128-SHA256"

     

    do notice from here that not all ciphers you want are possible with F5, i.e. ECDHE-ECDSA-CHACHA20-POLY1305

     

    https://support.f5.com/csp/article/K13163

     

    https://devcentral.f5.com/questions/enable-support-for-chacha20-poly1305-crypto

     

    that should set you off, if it doesn't work, show the error please

     

  • Danny_Arroyo's avatar
    Danny_Arroyo
    Icon for Cirrus rankCirrus
    Apr 23, 2018

    Forgive my lack of knowledge in this area. I have gained a much better understanding of how these ciphers work in the F5 and in general by reading through these links. Also I did find the F5 documentation that said "CHACHA" was not supported. Thanks again for the info.

     

    But let me explain another way. Our Directory of Security wants me to allow only the following ciphers, in this order:

     

    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

     

    The reason is that when we test with SSLlabs, it shows our ciphers are in order from weakest to strongest. He wants it to be reverse (as in the list above).

     

    Are you saying that I can add that list to any of my client_ssl profiles (under Ciphers)? If so, can I do something like ":DEFAULT"?

     

    I'm testing by using the 'tmm --clientciphers (high|native|default)' command with the @strength added (and other options), but I can never get the list to come out in the order on the list above.

     

    I'm not getting any errors, the issue is the order of my ciphers doesn't match the list above. I'm starting to believe that this cant be done.

     

    Thanks again.

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Apr 23, 2018

    i apologize if i come over too strong, it was just that there didn't seem to be any progress just i read it all but it doesn't work, it seems it does work, just not exactly as wanted

    if you do this

    tmm --clientcipher "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"

    then that is the order the F5 is going to present it, same with putting that in the cipher string field.

    see

    [root@bigip-01:Active:Standalone] config  tmm --clientcipher "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"                                ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0: 49195  ECDHE-ECDSA-AES128-GCM-SHA256    128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_ECDSA
 1: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_RSA
[root@bigip-01:Active:Standalone] config  tmm --clientcipher "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
       ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_RSA
 1: 49195  ECDHE-ECDSA-AES128-GCM-SHA256    128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_ECDSA

    stuff like @strength and such have an effect on sets, not on separate written out ciphers

    so if this doesn't work for you on SSL labs you might haven't saved the profile yet or are testing against the wrong virtual server or have edited the wrong profile

  • Danny_Arroyo's avatar
    Danny_Arroyo
    Icon for Cirrus rankCirrus
    Apr 23, 2018

    Thanks I'll try that.

     

    But does that command change the cipher for all my VS's? Is there some way to test this cipher with only one VS before I apply this to all my VS's?

     

    Also, when I use this command, do I uncheck the "Ciphers" option in my individual client ssl profiles so that any custom setting in there does not affect the negotiation?

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Apr 23, 2018

    the command does nothing except show you the order.

     

    you apply this via Client SSL profiles by putting the string in the Cipher text field. And yes, you can just create one new Client SSL profile with the specific cipher string in the Cipher field and put that one virtual server.

     

  • Danny_Arroyo's avatar
    Danny_Arroyo
    Icon for Cirrus rankCirrus
    Apr 24, 2018

    I was able to resolve this issue. For anyone having the same problem, here is what worked for me.

     

    The problem I was still having after Boneyard's help was that i could not get a SSLLabs grade above "B" because the DHE Ciphers were 1024 bit. This made the list of Ciphers appear to not be in the proper order. I found a thread (https://devcentral.f5.com/questions/how-to-set-diffie-hellman-to-2048-bits-59024) that explains that the F5 does not support DHE 2K. So that explains why SSLLabs was giving me a "B".

     

    I found another thread (https://devcentral.f5.com/questions/disable-specific-ssl-ciphers-on-f5-big-ip-55422) where someone had the same issue and solved it with the following cipher list: "!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4". I applied that cipher list to my ssl profile and now SSLLabs give me an "A"

     

    To round things up, my problem was that my cipher string had DH 2048 bit ciphers and ECDHE-ECDSA-CHACHA20-POLY1305 ciphers. Neither of these ciphers are supported by the F5. Also, I did not understand the exact syntax or where the cipher string should be placed in the F5.

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Apr 24, 2018

    thanks for reporting back Danny, if you feel my answer helped then please flag it as such.

     

    as for the string you use i do believe it is a bit too complex to achieve what you want, but if your are happy with it it does the trick.