Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Cipher Rules and Groups (v14.1.0.2)

Has anyone noticed any issues with cipher rules and cipher groups in v14.1.0.2?

For example, in the user comments from the following article, it was mentioned that on v13, when making a modification to cipher rules that the changes did not propagate (from my testing on v14.1.0.2, this issue appears to have been fixed)

https://devcentral.f5.com/articles/cipher-rules-and-groups-in-big-ip-v13-25200

From what I understand, the use of a cipher group is required for TLS1.3 (client side). You cannot specify a cipher suite string on the client SSL profile when you have TLS1.3 enabled. Is this correct?

Thanks

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Michael,

haven't played with TLS1.3 on 14.1. yet, but it would make me wonder if you can't use a tailordered cipher suite string in combination with TLS1.3 anymore.

Take a look to K10251520 (click me) to get the latest information regarding TLS1.3 support. The article outlines the steps required to enable TLS1.3 on a SSL profile as well as the TLS1.3 related Cipher String values TLS13-AES128-GCM-SHA256 , TLS13-AES256-GCM-SHA384 and TLS13-CHACHA20-POLY1305-SHA256 ...

# tmm --clientciphers ALL | grep TLS13

Cheers, Kai

0