Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

How to disable and enable specific weak/good ciphers In SSL profiles. How to achieve this .

sandip_kakade
Nimbostratus
Nimbostratus

‎28-Oct-2021 03:01

Please enable the below mentioned two strong ciphers and TLSv1.3 in state filing application

 

TLSv1.2 cipher TLS_RSA_WITH_AES_128_GCM_SHA256

TLSv1.2 cipher TLS_RSA_WITH_AES_256_GCM_SHA384

 

Also, remove the below weak ciphers

 

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLSv1.2 cipher TLS_RSA_WITH_AES_128_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_AES_128_CBC_SHA256

TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA256

TLSv1.2 cipher TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

Labels:
0 Kudos
1 REPLY 1

Enes_Afsin_Al
MVP
MVP

‎28-Oct-2021 06:07 - last edited on ‎05-Jun-2023 23:02 by Fog

Hi sandip kakade,

In client ssl profile:

0691T00000F6UpuQAF.png 

TLSv1_3:AES128-GCM-SHA256:AES256-GCM-SHA384

With this cipher suite, the following ciphers will be usable.

TLS13-AES128-GCM-SHA256/TLS1.3
TLS13-AES256-GCM-SHA384/TLS1.3
TLS13-CHACHA20-POLY1305-SHA256/TLS1.3
AES128-GCM-SHA256/TLS1.2
AES256-GCM-SHA384/TLS1.2

IANA name:

TLS_RSA_WITH_AES_128_GCM_SHA256

OpenSSL name:

AES128-GCM-SHA256

IANA name:

TLS_RSA_WITH_AES_256_GCM_SHA384

OpenSSL name:

AES256-GCM-SHA384

0 Kudos
Copyright © 2023 Khoros, LLC