Forum Discussion
Amy_123193
Historic F5 Account
The short answer is no, but from your comment above I don't think that answers your question.
There are two different ways of naming ciphers, the way they're named by IANA and RFCs and the way they're named by OpenSSL. F5 TMOS uses OpenSSL format for its cipher string. You can tell them apart because the RFC format usually uses underscores and the OpenSSL format uses hyphens. To translate between them you should refer to the OpenSSL ciphers manual page.
For example, for
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
From SOL13163 we can see that
ECDHE-ECDSA-AES256-SHA384
is supported in 11.6.0.
Note that above I changed ECDH in the RFC name to ECDHE. F5 software only supports ephemeral Diffie-Hellman, which is indicated by the E.
pcr654_224362
Feb 24, 2016Nimbostratus
Thank you for your response this was very helpful. But Just to clearify, even though the OpenSSL format does not mention CBC in the string, it is still the same as the RFC?