Issues with cipher suites

Question

Hi there,&nbsp;I'm trying to get a tight set of supported ciphers and have explicitly named them. Some don't show up however and have issues determining why.&nbsp;Anyone know why they don't show up?&nbsp;In the client-ssl profile I've explicitly set cipher suites to:TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2&nbsp;More readable:&nbsp;TLS13-AES256-GCM-SHA384TLS13-AES128-GCM-SHA256TLS13-CHACHA20-POLY1305-SHA256ECDHE-RSA-AES256-GCM-SHA384ECDHE-RSA-AES128-GCM-SHA256ECDHE-RSA-CHACHA20-POLY1305-SHA256ECDHE-RSA-AES256-SHA384ECDHE-RSA-AES128-SHA256DHE-RSA-AES256-GCM-SHA384DHE-RSA-AES128-GCM-SHA256!TLSv1_1!TLSv1!SSLv3!SSLv2&nbsp;But I only get offered:&nbsp;Preferred TLSv1.3 &nbsp;128 bits &nbsp;TLS_AES_128_GCM_SHA256 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Curve 25519 DHE 253Accepted &nbsp;TLSv1.3 &nbsp;256 bits &nbsp;TLS_AES_256_GCM_SHA384 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Curve 25519 DHE 253Preferred TLSv1.2 &nbsp;128 bits &nbsp;ECDHE-RSA-AES128-GCM-SHA256 &nbsp;&nbsp;Curve P-256 DHE 256Accepted &nbsp;TLSv1.2 &nbsp;256 bits &nbsp;ECDHE-RSA-AES256-GCM-SHA384 &nbsp;&nbsp;Curve P-256 DHE 256Accepted &nbsp;TLSv1.2 &nbsp;128 bits &nbsp;DHE-RSA-AES128-GCM-SHA256 &nbsp;&nbsp;&nbsp;&nbsp;DHE 1024 bitsAccepted &nbsp;TLSv1.2 &nbsp;256 bits &nbsp;DHE-RSA-AES256-GCM-SHA384 &nbsp;&nbsp;&nbsp;&nbsp;DHE 1024 bits&nbsp;&nbsp;Am missing:TLS13-CHACHA20-POLY1305-SHA256&nbsp;ECDHE-RSA-CHACHA20-POLY1305-SHA256ECDHE-RSA-AES256-SHA384ECDHE-RSA-AES128-SHA256&nbsp;any ideas how to get those active?&nbsp;TIA

ferry · Answer

Would appear it's due to our ACLs.&nbsp;I can actually enter cipher suites in a profile and I will actually see them after doing so.&nbsp;Upon refreshing it seems to get the suites from a parent profile however. Appears I'm not actually allowed to set them.

Forum Discussion

Issues with cipher suites

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Cipher Suites Supported (12.1.5.3)

Cipher Suite Practices and Pitfalls

Disabling Specific Weak Cipher Suites

Cipher suite mismatch advertisement/warning

SSL Profiles Part 4: Cipher Suites