we have recently noticed that we are getting the following error in Chrome when browsing to services hosted on F5:
Connection - obsolete connection settings
The connection to this site is encrypted and authenticated using TLS 1.2, RSA, and AES_256_GCM.
now I have double checked and our F5 does have ECDHE-based ciphers suite and its a ltest version of google chrome. does any one know what might be causing this? if so, we can we fix this?
or is there anyway to prioritise certain cipher suites? instead of disabling the weak ones.
You are seeing that message as RSA is being used as key exchange algorithm. You should consider using ECDHE_RSA for key exchange instead.
Here is how I would solve it.
1) force the use of TLS 1.2
2) Disable RSA as Key exchange algorithm
1) go to Client SSL profile you want to edit.
2) Select Advanced Configuration and tick customisation button for Ciphers.
3) Copy and paste the following string
Following is the screenshot of client SSL profile I have created to illustrate to you.
Hope this helps.
Please let me know if you have any questions.