Forum Discussion

David_G__33241
May 26, 2015

Edge Client Cipher Suite

When an SSL client profile is created, you have the ability to define the ciphers that you want the client to be able to use. The DEFAULT suite uses TLS 1.0, 1.1 and 1.2.

On my workstation (Control Panel; Internet Options; Advanced) I configured the internet properties to only allow TLS 1.0; however, the Edge client connected using TLS 1.2.

Would this imply that the Cipher Suite available to the Edge Client is built into the software as opposed to using what is supported by Windows?

Thanks

APM 11.5.1 latest Edge Client

3 Replies

  • Each browser is going to have its own cipher suite preference. Someone else posted this link in a thread I can't remember, but it will tell you what your browser's cipher suite order is: https://cc.dcsec.uni-hannover.de/. Changing something in Windows might override IE from a client perspective, or customize what IIS will present. However, each browser is going to have its own cipher suite order. I think modern browsers will also always try TLS 1.2 first, but I'm not sure about that.

     

    • David_G__33241
      My question is about connecting with the Edge Client. The DEFAULT Cipher Suite supports TLS only. If I disable TLS 1.0, 1.1 and 1.2 in Windows I am unable to establish a connection to the BIG-IP using the Edge client - this would imply that the Edge client leverages the Windows security configuration. However, if I enable TLS 1.0 in Windows, then the Edge client DOES connect and it reports the protocol as being TLS 1.2 - this would imply that the cipher suite is built into the Edge client. I'm trying to understand the mechanics of this...
    • Steve_M__153836
      Couldn't find much documentation for this, but you could try turning on verbose logging for the client and see if you get anything useful in the logs. http://support.f5.com/kb/en-us/solutions/public/12000/600/sol12639.html?sr=45847447
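
A client's highest offered protocol version and its cipher suite order are carried in the TLS ClientHello, so a packet capture of the handshake shows what a client actually offers, independent of what any settings dialog says. The parser below is an added example, not part of any post in this thread and not F5 code; the function names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# A few IANA-registered suite names; anything else is reported as hex.
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

def parse_client_hello(record: bytes) -> dict:
    """Return the versions and the ordered cipher suites a client offers."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    # 0x16 = handshake record, 0x01 = ClientHello handshake message
    if ctype != 0x16 or len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("ClientHello continues in another record")
    try:
        # client_version: highest version offered (TLS 1.2 and earlier)
        client_ver = struct.unpack("!H", hello[:2])[0]
        pos = 2 + 32                       # skip client_version and random
        pos += 1 + hello[pos]              # skip session_id
        n = struct.unpack("!H", hello[pos:pos + 2])[0]
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello") from None
    raw = hello[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]
    return {"record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
            "max_offered": VERSIONS.get(client_ver, hex(client_ver)),
            "cipher_suites": [SUITES.get(s, f"0x{s:04X}") for s in suites]}

def sample_client_hello() -> bytes:
    """Constructed bytes (not a capture of any real client)."""
    suites = struct.pack("!4H", 0xC02F, 0xC014, 0x002F, 0x000A)
    hello = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    print(parse_client_hello(sample_client_hello()))
```

In the constructed sample the record header carries TLS 1.0 while the ClientHello body offers TLS 1.2, so the field to read for the highest offered version is `max_offered`, not `record_version`.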