23-Jul-2023 22:17
Hi,
I want to change the server Cipher preferred order. I want EC preferred then RSA
like below
1, TLS13 AES256 GCM SHA3842, TLS13 AES128 GCM SHA2563, TLS13 CHACHA20 POLY1305 SHA2564, TLS12 ECDHE ECDSA AES256 GCM SHA3845, TLS12 ECDHE ECDSA AES128 GCM SHA2566, TLS12 ECDHE ECDSA CHACHA20 POLY1305 SHA256
7+ all others RSA etc.
How do I achieve this?
Via iRule?
Solved! Go to Solution.
25-Jul-2023 23:17 - edited 25-Jul-2023 23:22
try these:
https://community.f5.com/t5/technical-forum/enabling-quot-honor-cipher-order-quot-on-f5-ltm-v12-x/td...
https://my.f5.com/manage/s/article/K17370
https://my.f5.com/manage/s/article/K10866411
http://smanthey.net/downloads/ssl/ssl-cipher-cs-a4-02.pdf
View solution in original post
24-Jul-2023 00:06
have you tried cipher groups?
https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-ltm-configuring-custom-cipher-string-for-ssl-negot...
https://my.f5.com/manage/s/article/K01770517
24-Jul-2023 19:07
I tried it. but how do i enforce below order ?
When the client sends the cipher proposal I want f5 respond EC preferred then RSA. How i do it?
24-Jul-2023 19:52
do i need to define the cipher rule as I want ?
AES256-GCM-SHA384:AES128-GCM-SHA256:CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256
26-Jul-2023 02:15
Really appreciate your help. it's working as I want. Thanks lot.
