Forum Discussion

Jibinpv_254622
Mar 07, 2018

SSL Negotiations against Weak Ciphers of RSA+AES

Hello Team, I'm really in a weird situation with a setup on our infra for one of the connections coming to our F5. We have disabled RSA+AES along with a few other cipher negotiations in our environment and only support strong ECDHE ciphers and their combinations.

Our ciphers are as follows:

"!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DTLSv1:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:!RSA+AES-GCM:!RSA+AES:!ECDHE+3DES:!RSA+3DES:-TLSv1_1+3DES:-TLSv1_2+3DES:-MD5:-SSLv3:-RC4"

 

However, we have an issue with one of the connections, which continues to fail even though it has a strong cipher to negotiate with us.

I have done an SSL dump of the incoming connection with RSA+AES disabled and with it enabled, but I'm still not able to figure out why the negotiation does not happen with a strong cipher once RSA+AES is disabled; in fact it denies the connection too.

Here are the details of the SSL dumps.

 

  1. RSA+AES disabled, and we expect to negotiate with TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 or TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA.

  2. When RSA+AES is enabled, the negotiation is done with TLS_RSA_WITH_AES_128_CBC_SHA, which we really don't want; instead we expect the negotiation to still be done with TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 or TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA.

 

So the issues here are:

  1. Why is the negotiation not happening with strong ciphers?

  2. Why does it always try to negotiate with TLS_RSA_WITH_AES_128_CBC_SHA, and once we disable it, why does the connection itself fail rather than negotiating another cipher?

  3. Does F5 have any preference when negotiating between weak and strong ciphers?

Any advice and help on this would be greatly appreciated.
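For the negotiation questions in the post above, here is a worked model of how a TLS 1.2 server selects a cipher suite against an F5-style cipher string. It is an added example, not code from the original post or from F5: the suite catalogue and its order, the simplified cipher-string grammar (`!` bans for the rest of the string, `-` removes, `+` moves to the end, a bare token appends), the "relaxed" string (the post's string with the two `RSA+AES` bans dropped and `RSA+AES` appended, an assumed reading of "RSA+AES enabled") and both ClientHello offers are constructed assumptions. The `server_preference` flag models which side's order wins; it does not assert what BIG-IP's default is. The point it makes is that selection is an intersection: the server can only choose among suites the client lists, so a client that offers only `TLS_RSA_*` suites gets `TLS_RSA_WITH_AES_128_CBC_SHA` when that is enabled and a handshake_failure when it is not, whatever the server's preference.

```python
"""TLS 1.2 cipher-suite selection against an F5-style cipher string.

Added example (not F5 code). The grammar implemented here is a simplified
model of the OpenSSL/BIG-IP syntax: ':'-separated tokens, each ATTR[+ATTR...]
with an optional prefix. Protocol keywords (SSLv3, TLSv1_2, DTLSv1, ...) match
nothing in this TLS 1.2-only catalogue and are therefore no-ops.
"""

# Constructed catalogue: IANA suite name -> attribute tags. The list order is
# the (assumed) internal preference order a bare token appends suites in.
# "RSA" tags RSA *key exchange* only; ECDHE_RSA suites carry the "ECDHE" tag.
# "AES" tags AES-CBC suites and "AES-GCM" tags AES-GCM suites separately,
# following how the post's string lists them (an assumption).
SUITES = [
    ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", {"ECDHE", "AES-GCM"}),
    ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", {"ECDHE", "AES-GCM"}),
    ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", {"ECDHE", "AES"}),
    ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", {"ECDHE", "AES"}),
    ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", {"ECDHE", "AES"}),
    ("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", {"ECDHE", "3DES"}),
    ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", {"DHE", "AES-GCM"}),
    ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", {"DHE", "AES"}),
    ("TLS_RSA_WITH_AES_128_GCM_SHA256", {"RSA", "AES-GCM"}),
    ("TLS_RSA_WITH_AES_128_CBC_SHA256", {"RSA", "AES"}),
    ("TLS_RSA_WITH_AES_128_CBC_SHA", {"RSA", "AES"}),
    ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", {"RSA", "3DES"}),
    ("TLS_RSA_WITH_RC4_128_SHA", {"RSA", "RC4"}),
    ("TLS_RSA_WITH_RC4_128_MD5", {"RSA", "RC4", "MD5"}),
]

# The cipher string from the post, verbatim.
STRICT = ("!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DTLSv1:!DHE+3DES:ECDHE+AES-GCM:"
          "ECDHE+AES:!RSA+AES-GCM:!RSA+AES:!ECDHE+3DES:!RSA+3DES:-TLSv1_1+3DES:"
          "-TLSv1_2+3DES:-MD5:-SSLv3:-RC4")
# Assumed "RSA+AES enabled" variant: the two RSA bans dropped, RSA+AES appended.
RELAXED = STRICT.replace("!RSA+AES-GCM:!RSA+AES:", "") + ":RSA+AES"


def evaluate_cipher_string(spec):
    """Return the enabled suites, in server preference order, for a cipher string."""
    enabled, banned = [], set()
    for token in filter(None, spec.split(":")):
        op, body = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        wanted = set(body.split("+"))          # every attribute must match
        matches = [name for name, tags in SUITES if wanted <= tags]
        if op == "!":                          # ban for the rest of the string
            banned.update(matches)
            enabled = [s for s in enabled if s not in banned]
        elif op == "-":                        # remove, may be re-added later
            enabled = [s for s in enabled if s not in matches]
        elif op == "+":                        # demote to the end of the list
            enabled = ([s for s in enabled if s not in matches]
                       + [s for s in enabled if s in matches])
        else:                                  # append in catalogue order
            enabled += [s for s in matches if s not in banned and s not in enabled]
    return enabled


def negotiate(client_offer, server_enabled, server_preference=True):
    """Pick the TLS 1.2 suite: the first common suite in the preferred side's
    order, or None, which a real server answers with a handshake_failure alert."""
    order = server_enabled if server_preference else client_offer
    common = [s for s in order if s in client_offer and s in server_enabled]
    return common[0] if common else None


# Constructed ClientHello offers (suites the client lists, in its own order).
LEGACY_CLIENT = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
MIXED_CLIENT = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]


def run_scenarios():
    """Outcome of each client offer against the strict and relaxed strings."""
    strict, relaxed = evaluate_cipher_string(STRICT), evaluate_cipher_string(RELAXED)
    return {
        "legacy_vs_strict": negotiate(LEGACY_CLIENT, strict),
        "legacy_vs_relaxed": negotiate(LEGACY_CLIENT, relaxed),
        "mixed_vs_strict": negotiate(MIXED_CLIENT, strict),
        "mixed_vs_relaxed_server_pref": negotiate(MIXED_CLIENT, relaxed, True),
        "mixed_vs_relaxed_client_pref": negotiate(MIXED_CLIENT, relaxed, False),
    }


if __name__ == "__main__":
    print("strict enables :", evaluate_cipher_string(STRICT))
    print("relaxed enables:", evaluate_cipher_string(RELAXED))
    for name, suite in run_scenarios().items():
        print(f"{name:30s} -> {suite or 'handshake_failure (no common suite)'}")
```

Run it directly to print both enabled lists and the five outcomes. The practical check it suggests is to read the Cipher Suites field of the ClientHello in the ssldump capture rather than the server's list: if the client offers no ECDHE suite at all, no server-side ordering can produce one, and the fix lies with the client (or a separate client-SSL profile for that one connection), not in the BIG-IP cipher string.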

3 Replies

  • JG

    Which version of BIG-IP are you on?

  • JG

    Can you get the output of this command (run as a client)?

    nmap --script ssl-enum-ciphers -p port_no vs_addr

  • Hi Jie,

    We are on BIG-IP 13.0.0 Build 3.0.1679 Hotfix HF3.

    I will try to grab the output of the command you asked for.