Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ECC Ciphers in 11.4.1

I am having some trouble getting ECDHE ciphers to function. I am running 11.4.1 and have tried multiple cipher strings in the SSL profile, but I can't seem to get them to appear when I scan the VIP. I always seem to get the AES-128-SHA and AES-256-SHA

Right now in prod I am running this on most of my servers. DEFAULT:!SSLv3:!RC4@STRENGTH

I tried adding the cipher suite but that didn't do anything

DEFAULT:ECDHE+AES:!SSLv3:!RC4@STRENGTH

I also tried doing something a little more complex. However that didn't really change anything either.

NATIVE:!MD5:!EXPORT:!3DES:!DES:!DHE:!SSLv3:!SSLv2@STRENGTH

The documentation says that ECC ciphers were available starting in 11.4.0. Any help would be appreciated.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Mike,

What about if you run the following from the BIG-IP CLI?

tmm --clientciphers 'DEFAULT:!SSLv3:!RC4:@STRENGH' does this return possible ECDHE ciphers? My test rig is 11.5.1 and I do get ECDHE ciphers - but as you say they are included in 11.4.1.

Nothing else configured in the Client SSL Profile is there?

Hope this helps,

N

0