How to force LTM to return TLS_RSA_WITH_RC4_128_SHA as ciphers string in a SSL client profile

Question

Hi There,&nbsp;
After upgrading LTM from 11.3 to 11.5, it seems like breaking application TLS single sign-on feature. During TLS handshake initiated by client, the LTM returns TLS_RSA_WITH_3DES_EDE_CBC_SHA as chosen cipher. Before upgrade, the LTM returned TLS_RSA_WITH_RC4_128_SHA as chosen cipher.     &nbsp;
How to force LTM to return TLS_RSA_WITH_RC4_128_SHA as a cipher string in a SSL client profile at v11.5?   &nbsp;
Thanks,&nbsp;
Hong&nbsp;

brad_parker · Answer

!EXPORT:!SSLv3:RC4-SHA&nbsp;

megazone · Answer

What is your currently configured cipher string?  This is going to come down to the cipher string and ordering.  This SOL shows what is enabled by default on each 11.x version: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html&nbsp;
And this one the actual strings that 'DEFAULT' is shorthand for:
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html&nbsp;
It is a matter of enabling/disabling the appropriate ciphers, and you can play with the ordering in the string to place the cipher(s) you most want used first.&nbsp;

Forum Discussion

How to force LTM to return TLS_RSA_WITH_RC4_128_SHA as ciphers string in a SSL client profile

2 Replies

Recent Discussions

About custome Response Blocking Page

Office Online Server with SharePoint 2016

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

Related Content

Cipher Suites Supported (12.1.5.3)

TMOS script for updating SSL profile cipher group and TLS versions

Disabling Weak Ciphers

Cipher suite mismatch advertisement/warning

Translating SSL Ciphers names into the labels used in the profiles.