I am having some trouble getting ECDHE ciphers to function. I am running 11.4.1 and have tried multiple cipher strings in the SSL profile, but I can't seem to get them to appear when I scan the VIP. I always seem to get the AES-128-SHA and AES-256-SHA
Right now in prod I am running this on most of my servers.
I tried adding the cipher suite but that didn't do anything
I also tried doing something a little more complex. However that didn't really change anything either.
The documentation says that ECC ciphers were available starting in 11.4.0. Any help would be appreciated.
What about if you run the following from the BIG-IP CLI?
tmm --clientciphers 'DEFAULT:!SSLv3:!RC4:@STRENGH' does this return possible ECDHE ciphers? My test rig is 11.5.1 and I do get ECDHE ciphers - but as you say they are included in 11.4.1.
Nothing else configured in the Client SSL Profile is there?
Hope this helps,