How to use only specific ciphers and avoid building a negative list

[v12.x and v13.x]

I want to use only specific ciphers with TLS1.2, so I set this in the clientssl profile:

TLSv1_2:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-CBC-SHA:@STRENGTH

I thought that would give me only TLS1.2 with the selected ciphers, but no. The DEFAULT ciphers are still used.

According to this article: https://support.f5.com/csp/article/K17370#2 (Configuring the SSL profile to use a specific protocol), this should work, and at least only TLS1.2 should be available.

I want to avoid building a negative list with “!”. What did I miss?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I got the answer from my friend. It's so simple:

TLSv1_2+ECDHE-RSA-AES256-GCM-SHA384:TLSv1_2+ECDHE-RSA-AES256-CBC-SHA:TLSv1_2+ECDHE-RSA-AES128-GCM-SHA256:TLSv1_2+ECDHE-RSA-AES128-CBC-SHA:@STRENGTH

Maybe someone will need it too :)

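A check to run after applying a cipher string like the ones in this thread, added here as an example and not part of the original question or answer: it reads the table printed by `tmm --clientciphers` on the BIG-IP and flags any row that is not TLS1.2 or not one of the four intended suites. The `audit_ciphers` name, the assumed column layout and the sample rows are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original thread. On the BIG-IP, pipe real output in:
#   tmm --clientciphers '<cipher string>' | audit_ciphers
# Assumed row layout: "<n>: <ID> <SUITE> <BITS> <PROT> <METHOD> <CIPHER> <MAC> <KEYX>"

# The four suites the question wants to allow (taken from the page).
ALLOWED="ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-CBC-SHA \
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-CBC-SHA"

# Reads the cipher table on stdin and prints every violating row.
# Exit status: 0 = all rows TLS1.2 and allow-listed, 1 = violations, 2 = nothing parsed.
audit_ciphers() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+:$/ {                      # data rows start with an index such as "0:"
            rows++
            if ($5 != "TLS1.2")   { print "wrong protocol: " $3 " (" $5 ")"; bad++ }
            else if (!($3 in ok)) { print "unexpected suite: " $3; bad++ }
        }
        END {
            if (rows == 0) { print "no cipher rows parsed"; exit 2 }
            exit (bad > 0)
        }'
}

# Constructed sample rows (not captured from a device): a strict result ...
sample_strict() {
cat <<'EOF'
       ID  SUITE                          BITS PROT    METHOD  CIPHER   MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384    256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49172  ECDHE-RSA-AES256-CBC-SHA       256  TLS1.2  Native  AES      SHA     ECDHE_RSA
 2: 49199  ECDHE-RSA-AES128-GCM-SHA256    128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 3: 49171  ECDHE-RSA-AES128-CBC-SHA       128  TLS1.2  Native  AES      SHA     ECDHE_RSA
EOF
}

# ... and a too-broad result with an older protocol and an extra suite.
sample_broad() {
cat <<'EOF'
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384    256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49172  ECDHE-RSA-AES256-CBC-SHA       256  TLS1    Native  AES      SHA     ECDHE_RSA
 2:   157  AES256-GCM-SHA384              256  TLS1.2  Native  AES-GCM  SHA384  RSA
EOF
}
```

A non-zero exit status makes the function usable as a gate in a change script before the profile is put into service.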