Forum Discussion
3 Replies
Sort By
- Hannes_RappNimbostratus
Create a new clientssl profile where you specify a custom cipher-string, keep the other settings as default. You can name this as 'profile_clientssl_base'.
If all you want is to disable TLSv1.0, and keep the rest as default, you can use
as your custom string. When done, this profile can be reused as your Parent Profile for all the other clientssl profiles you create in the future.DEFAULT:!TLSv1
If your concern is with the upcoming PCI DSS 3.1 requirements (will be enforced in June 2016), have a look at here https://devcentral.f5.com/questions/pci-cipher-set. You should check out the second answer which is not User Accepted, if you don't want to disable more cipher suites than required.
- tatmotivCirrostratus
Also, have a look at this document which is totally recommended reading: https://f5.com/Portals/1/Premium/Architectures/RA-SSL-Everywhere-deployment-guide.pdf