Forum Discussion
awilhelm
Employee
The short answer is no, but from your comment above I don't think that answers your question.
There are two different ways of naming ciphers, the way they're named by IANA and RFCs and the way they're named by OpenSSL. F5 TMOS uses OpenSSL format for its cipher string. You can tell them apart because the RFC format usually uses underscores and the OpenSSL format uses hyphens. To translate between them you should refer to the OpenSSL ciphers manual page.
For example, for TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
From SOL13163 we can see that ECDHE-ECDSA-AES256-SHA384 is supported in 11.6.0.
Note that above I changed ECDH in the RFC name to ECDHE. F5 software only supports ephemeral Diffie-Hellman, which is indicated by the E.
awilhelm
Feb 24, 2016 Employee
It is. OpenSSL tends to elide certain things in their names - for example, if no auth method is specified it's usually RSA (same for key agreement), and if an OpenSSL string just says AES it implies CBC.
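The naming convention discussed in this thread, as an added example that is not part of either post: a Python sketch that converts RFC/IANA names for AES-CBC and AES-GCM suites into OpenSSL form and rejects static DH/ECDH names such as the one quoted in the first post. The function name `rfc_to_openssl` and the lookup tables are assumptions of this example; the translation is purely syntactic and does not check what a given TMOS or OpenSSL release supports.

```python
import re

# Key exchange + authentication as OpenSSL spells them. Plain "RSA"
# (RSA key exchange with RSA authentication) is elided from the name.
KX_AUTH = {
    "RSA": "",
    "DHE_RSA": "DHE-RSA",
    "DHE_DSS": "DHE-DSS",
    "ECDHE_RSA": "ECDHE-RSA",
    "ECDHE_ECDSA": "ECDHE-ECDSA",
}

# Static (non-ephemeral) exchanges: no trailing E on DH/ECDH.
STATIC_KX = re.compile(r"^(ECDH|DH)_(RSA|DSS|ECDSA)$")

# Scope of this example: TLS_<kx>_WITH_AES_<bits>_<mode>_<mac>
SUITE = re.compile(
    r"^TLS_(?P<kx>[A-Z_]+?)_WITH_AES_(?P<bits>128|256)"
    r"_(?P<mode>CBC|GCM)_(?P<mac>SHA(?:256|384)?)$"
)


def rfc_to_openssl(name):
    """Translate an RFC/IANA suite name to the OpenSSL cipher-string name."""
    m = SUITE.match(name)
    if m is None:
        raise ValueError(f"{name}: outside the AES-CBC/GCM scope of this example")
    kx = m["kx"]
    if STATIC_KX.match(kx):
        ephemeral = name.replace("DH_", "DHE_", 1)
        raise ValueError(f"{name}: static key exchange; ephemeral form is {ephemeral}")
    if kx not in KX_AUTH:
        raise ValueError(f"{name}: unknown key exchange {kx}")
    # A bare AESnnn implies CBC, so only GCM is written out.
    cipher = "AES" + m["bits"] + ("-GCM" if m["mode"] == "GCM" else "")
    parts = [KX_AUTH[kx], cipher, m["mac"]]
    return "-".join(p for p in parts if p)


if __name__ == "__main__":
    for suite in (
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ):
        print(suite, "->", rfc_to_openssl(suite))
```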