Forum Discussion
F5 article on configuring ciphers: https://support.f5.com/csp/article/K13171
See the result of a string on a device via CLI bash with this command:
tmm --clientciphers ''
Example:
tmm --clientciphers 'NATIVE:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:!SSLv3:!TLSv1:!EXPORT:!DH:!ADH:!LOW:!MD5:!RC4:RSA+AES:RSA+3DES:@STRENGTH'
The "@STRENGTH" tells it to sort the ciphers by strength, strongest first.
Also see: F5 SSL Everywhere Recommended Practices
https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdf
Once you have a cipher string you want, add it to your SSL profile, sshd, or httpd.
- SFiddy_313786, Jun 28, 2017 (Nimbostratus)
This is information I already was aware of. My problem is getting the exact ciphers in the exact order as my original post. I haven't figured out that string and I have spent quite a bit of time formatting and testing. I am looking for assistance from someone who can show me.
- P_K, Jun 28, 2017 (Altostratus)
What version of BIG-IP is it?
- LoyalSoldier, Jun 28, 2017 (Altostratus)
SFiddy,
 
Have you seen this article? Looks like it might help with what you are trying to do. https://devcentral.f5.com/s/feed/0D51T00006i7buMSAQ
 
Another article that includes an example of testing them: https://devcentral.f5.com/s/articles/ssl-profiles-part-4-cipher-suites
 
- SFiddy_313786, Jun 28, 2017 (Nimbostratus)
I am using 11.6.1