Forum Discussion

Altocumulus

Feb 16, 2018

Bigip 11.2.1 - weak ciphers

I have BiGIP 11.2.1 in my test lab and below Cipher suite for SSL profile: TLSv1_2:!SSLv3:!RC4-SHA:!3DES:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@STRENGTH However there are few open weak ciphers wh...

MVP

Feb 16, 2018

So the RSA cipher suite is being deprecated by testing tools like SSLLabs as they don't provide Forward Secrecy: SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT

Running a version such as 11.2.1 in a production scenario raises so many more questions other than "how do I block this cipher?". There are a significant amount of vulnerabilities that have been discovered since this version was released, that have been fixed in later versions.

I would recommend patching to a later supported release at your earliest opportunity.

To answer your question, you could probably disable them, but I don't think that would leave all that many options for usable ciphers. You should test this thoroughly.

Forum Discussion

Bigip 11.2.1 - weak ciphers

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

Related Content

Re: BigIP Report

Cipher Suite Practices and Pitfalls

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

Disabling Specific Weak Cipher Suites