How to list all cipher keywords

jwlarger · ‎02-Mar-2021

Can I query from tmos or cli to list all valid cipher keywords? (Not tmm --clientciphers DEFAULT - I just want keywords like !TLSv1 and the like).

If not, is there a list online? I searched the kb, here, & the web with no luck.

Dario_Garrido · ‎02-Mar-2021

Hello Jwlarger

Specifying cipher suites

TMM supports several ways to select groups of ciphers using a short string based on traits of those ciphers. These include the following:

SSL/TLS version: TLSv1, TLSv1_1, TLSv1_2, SSLv3
Bulk cipher: RC4, AES, AES-GCM
Key exchange: ECDHE, DHE (or EDH), RSA

This is not an exhaustive list. Note that although the format is similar to OpenSSL, some strings differ and the results are not always the same. For more information about specifying cipher strings on the BIG-IP system, refer to the articles listed in the following Supplemental Information section

REF - https://support.f5.com/csp/article/K15194

This is the openssl list:

https://www.openssl.org/docs/man1.0.2/man1/ciphers.html

And this is the supplemental info:

https://support.f5.com/csp/article/K01770517

https://support.f5.com/csp/article/K15194

Regards,

Dario.

Regards,
Dario.

jwlarger · ‎02-Mar-2021

Thank you, but I had this information already. And as you say, "This is not an exhaustive list. "

An exhaustive list is EXACTLY what I'm looking for. F5 must have a list somewhere, either via command or on same arcane url, of ALL acceptable cipher keywords.

Sajid · ‎02-Mar-2021

check this article

Cipher Suite Practices and Pitfalls

jwlarger · ‎02-Mar-2021

Thanks, Sajid

I was already aware of this article, and have quoted from it extensively for our in-house working aids.

Still, though, no exhaustive list of acceptable cipher keywords.

DevCentral

How to list all cipher keywords