First, I would run the following command to see what the configuration is.
list sys httpd
Next, when you end the following, I would use the question mark to see what configuration options are available to you. Sadly, I do not have access to an F5 appliance with this code version, so I cannot provide the specific command. Essentially, you need to create the appropriate cipher suite command to do what you want, and that changes a bit from version to version.
modify sys httpd ssl-ciphersuite
Hi Paulius,
Thank you for your reply.
list sys httpd
sys httpd {
    allow { 10.41.32.0/255.255.224.0 }
    auth-pam-idle-timeout 36000
    include "
        <LocationMatch \";\">
            Redirect 404 /
        </LocationMatch>
        <LocationMatch \"hsqldb\">
            Redirect 404 /
        </LocationMatch>
    "
    ssl-ciphersuite ALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
}
We have tried the commands below, but no luck, as these commands are for 11.x and above.
To restrict Configuration utility access to clients using TLS 1.2 or RC4-SHA ciphers, type the following command:
modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4-SHA:!SSLv2:-TLSv1:-SSLv3:-TLSv1.1'
Alternatively, if you can restrict to only TLS 1.2 cipher, then type the following command instead:
modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1'
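An added example, not part of the original posts: a token-level check of the ssl-ciphersuite strings quoted in this thread. In OpenSSL cipher-list syntax a leading `+` only moves already-selected ciphers to the end of the list, `-` removes them but lets a later token re-add them, and `!` removes them permanently, so in the listed string it is `ALL`, not the trailing `+LOW:+SSLv2:+EXP`, that brings those ciphers in. The weak-keyword list and function names are this example's assumptions, and overlaps between keywords (a cipher matching two of them) are not modelled.

```python
import re

# Constructed sample: the `list sys httpd` output quoted in the thread, trimmed.
SAMPLE = """sys httpd {
    auth-pam-idle-timeout 36000
    ssl-ciphersuite ALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
}"""

# Weak keywords to track (this example's choice); aliases map to one name.
WEAK = {"LOW": "LOW", "EXP": "EXPORT", "EXPORT": "EXPORT", "SSLv2": "SSLv2",
        "RC4": "RC4", "MD5": "MD5", "DES": "DES", "ADH": "ADH",
        "eNULL": "eNULL", "NULL": "eNULL"}

def extract_ciphersuite(tmsh_output):
    """Pull the ssl-ciphersuite value out of `list sys httpd` output."""
    m = re.search(r"^\s*ssl-ciphersuite\s+(\S+)", tmsh_output, re.M)
    return m.group(1).strip("'\"") if m else None

def audit(cipher_string):
    """Map each weak keyword to 'selected', 'soft-removed' or 'excluded'."""
    state = {}
    for token in cipher_string.split(":"):
        op = token[0] if token[:1] in ("!", "-", "+") else ""
        name = token[len(op):]
        if op == "+":
            continue  # '+' only moves ciphers to the end; it adds nothing
        if op == "":
            # Bare token adds ciphers. ALL covers every keyword except eNULL.
            if name == "ALL":
                hits = set(WEAK.values()) - {"eNULL"}
            else:
                hits = {WEAK[p] for p in name.split("+") if p in WEAK}
            for g in hits:
                if state.get(g) != "excluded":  # '!' is permanent
                    state[g] = "selected"
        elif name in WEAK:  # '!X' or '-X' applied to a whole keyword
            g = WEAK[name]
            if op == "!":
                state[g] = "excluded"
            elif state.get(g) == "selected":
                state[g] = "soft-removed"  # a later bare token can re-add it
    return state

def still_selected(cipher_string):
    """Weak keywords that a token selects and no '!' or '-' removes."""
    return sorted(g for g, s in audit(cipher_string).items() if s == "selected")

if __name__ == "__main__":
    print(still_selected(extract_ciphersuite(SAMPLE)))
```

The exact ciphers a string expands to depend on the OpenSSL build on the device, so confirm any result with `openssl ciphers -v '<string>'` there.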