Forum Discussion
LoyalSoldier
Altostratus
F5 article on configuring ciphers: https://support.f5.com/csp/article/K13171
See the result of a string on a device via CLI bash with this command:
tmm --clientciphers ''
Example:
tmm --clientciphers 'NATIVE:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:!SSLv3:!TLSv1:!EXPORT:!DH:!ADH:!LOW:!MD5:!RC4:RSA+AES:RSA+3DES:@STRENGTH'
The "@STRENGTH" tells it to sort the ciphers by strength, strongest first.
Also see: F5 SSL Everywhere Recommended Practices
https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdfOnce you have a cipher string you want, add it to your SSL profile, sshd, or httpd.
LoyalSoldier
Jun 28, 2017Altostratus
SFiddy,
 
Have you seen this article? Looks like it might help with what you are trying to do. https://devcentral.f5.com/s/feed/0D51T00006i7buMSAQ
 
Another article, that includes a example of testing them: https://devcentral.f5.com/s/articles/ssl-profiles-part-4-cipher-suites