F5 Hardened Cipher suite profile (pentest recommendation)
We have a pentest report that wants to DISABLE the following ciphers from our f5 profile; (we currently use 'f5-secure' & they want us to remove some ciphers from that to comply to the recommendation) ; The following are NOT safe according to the pentesters; & according to the dutch government due to weaker encryption algorithms; AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA I get that i can create a NEW f5-secure_V1; but how do i remove these specifc ciphers from f5-secure (or is there a cipher group that i can use that complies to this?) Cheers! NTBeheer