Julio_Navarro
Apr 02, 2020Cirrostratus
How to test cipher suite strength?
Hello,
I am looking for a different (if available) way to test a client-ssl profile and its cipher suite configured besides using openssl against a VIP with the profile in question....?
Important - considering the options set
Is this possible? Its just looking for alternatives. Thank you
Thank you
For example:
ltm profile client-ssl test_clientssl {
app-service none
cert default.crt
cert-key-chain {
default_default {
cert default.crt
key default.key
}
}
chain none
ciphers DEFAULT:!NULL:!LOW:!EXP:!DH:!ADH:!EDH:!RC4:!MD5:!3DES:!AES128-SHA:!AES256-SHA:!RSA:@STRENGTH
defaults-from clientssl
inherit-certkeychain false
key default.key
options { netscape-reuse-cipher-change-bug microsoft-big-sslv3-buffer msie-sslv2-rsa-padding ssleay-080-client-dh-bug tls-d5-bug tls-block-padding-bug dont-insert-empty-fragments no-ssl no-dtls no-session-resumption-on-renegotiation no-tlsv1.1 single-dh-use ephemeral-rsa cipher-server-preference tls-rollback-bug no-sslv2 no-sslv3 no-tlsv1 pkcs1-check-1 pkcs1-check-2 netscape-ca-dn-bug netscape-demo-cipher-change-bug }
passphrase none
}