cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

How to list all cipher keywords

jwlarger
Cirrus
Cirrus

Can I query from tmos or cli to list all valid cipher keywords? (Not tmm --clientciphers DEFAULT - I just want keywords like !TLSv1 and the like).

 

If not, is there a list online? I searched the kb, here, & the web with no luck.

 

4 REPLIES 4

​Hello Jwlarger

Specifying cipher suites

TMM supports several ways to select groups of ciphers using a short string based on traits of those ciphers. These include the following:

  • SSL/TLS version: TLSv1, TLSv1_1, TLSv1_2, SSLv3
  • Bulk cipher: RC4, AES, AES-GCM
  • Key exchange: ECDHE, DHE (or EDH), RSA

This is not an exhaustive list. Note that although the format is similar to OpenSSL, some strings differ and the results are not always the same. For more information about specifying cipher strings on the BIG-IP system, refer to the articles listed in the following Supplemental Information section

REF - https://support.f5.com/csp/article/K15194

This is the openssl list:

https://www.openssl.org/docs/man1.0.2/man1/ciphers.html

And this is the supplemental info:

https://support.f5.com/csp/article/K01770517

​https://support.f5.com/csp/article/K15194

Regards,

Dario.

Regards,
Dario.

Thank you, but I had this information already. And as you say, "This is not an exhaustive list. "

 

An exhaustive list is EXACTLY what I'm looking for. F5 must have a list somewhere, either via command or on same arcane url, of ALL acceptable cipher keywords.

Sajid
Cirrostratus
Cirrostratus

check this article

 

Cipher Suite Practices and Pitfalls

 

Thanks, Sajid

 

I was already aware of this article, and have quoted from it extensively for our in-house working aids.

 

Still, though, no exhaustive list of acceptable cipher keywords.