Default SSL Cipher Suite Reorder

Question

In 11.4.1, does anyone know the syntax of the Ciphers field if we want to reorder the DEFAULT order? The DEFAULT order is RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-CBC-SHA, ECDHE-RSA-AES256-CBC-SHA, ECDHE-RSA-DES-CBC3-SHA. What is the syntax if want to reorder to have RC4-SHA last and put the ECDHE suites first?

vitaliy_savrans · Accepted Answer

Hi,
the syntax is like this:
ECDHE:AES256:AES128:DES:RC4+RSA

as for me it's not a good idea to use weak ciphers like des* or rc4+rsa

dave_21103 · Answer

Thanks Vitaliy. This is an example of the TMSH syntax we used to successfully modify the existing DEFAULT setting: modify ltm profile client-ssl www.test.com { ciphers ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-SHA256:AES256-SHA:AES128-SHA256 }

Forum Discussion

Default SSL Cipher Suite Reorder

2 Replies

Recent Discussions

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Cipher Suites Supported (12.1.5.3)

Reorder Http Cookies

Cipher Suite Practices and Pitfalls

Disabling Weak Ciphers

LTM Cipher rule