Forum Discussion
kchiotak_298563
Nimbostratus
Hi all,
Thank you very much Kai for this, really appreciate it.
Now with this new vulnerability K21905460: BIG-IP SSL vulnerability CVE-2017-6168 I suppose we will have to remove the RSA key exchange from the cipher list? https://support.f5.com/csp/article/K21905460
New list:
!SSLv2:!RSA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
What are your thoughts?
Regards,
magnus78_287184
Nov 20, 2017Cirrus
Your says some weak chipers on SSL Labs. You can use this one: !SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:ECDHE+AES-GCM:ECDHE+AES:-MD5:-SSLv3:-RC4:!3DES:!RSA