Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

How are ciphers configured or what ciphers are used with the Bip IP Edge client?

Recently we've restricted the ciphers on the SSL profiles (Client), and disallowed SSLv3, TLSv1, and a number of other encryption. However, after the change, users using the Edge client were unable to VPN to the F5. When the users tried to connect they get, "Can't receive settings from server."

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

just checked for 11.5.1. HF7 and it provides quite a few (Cipher Suites: 26 suites) in the client hello.

can you provide your exact ssl profile settings?

as a check i would try with a browser client to connect to that server to rule out you totally disabled access. also something like https://www.ssllabs.com/ssltest/ would be interesting to check if a connection is still possible.

as for the edge client, which version of TMOS are you using?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The TMOS version is 11.4.1 HF3. Yes, the security team did use a scanning tool, and the ciphers "TLSv1_2:ECDHE+AES:DH+AES:ECDHE+AES:DH+AES:ECDHE+AES:DH+AES:ECDHE+3DES:DH+3DES:RSA+AES:RSA+AES:RSA+3DES:!MD5:!SSLv3:!EXP:!TLSv1:!RC4:!DES" did take as expected. Those using the web client for Edge Gateway were able to login, it's just those who used the Edge Window's client are having issues.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

for me it works fine with that CIPHER string (which seems to have some double entries) on a client SSL profile, but as mentioned that is version 11.5.1 HF7. you can do a packetcapture to determine what your edge client offers. but i wouldn't certainly also open a support ticket.

0
Comments on this Answer
Comment made 20-Jan-2015 by boneyard 5579
that should be: open a support ticket if you can, they might be quicker and more certain about the cause.
0