Forum Discussion

John_Ogle_45372
Mar 18, 2016

Example cipher suite needed...

I am running a box in our lab that is running 11.5.3. We have some very old Vista clients that need access to two SSL VIPs. I need to use a cipher string that will support the ciphers below. I assume it will require use of the COMPAT stack.

 

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA

 

Can someone provide an example of a cipher string that will support these AES_128 and RC4 ciphers? I know this opens me up to vulnerabilities but I have no choice.

 

Thank you,

 

1 Reply

  • I don't think you will need RC4. If you can test, give a try to

    ALL:!EXPORT:!RC4:!DES:!ADH:!EDH:!SSLv3

    -This SSL/TLS config also complies with PCI DSS 3.0 (Enforced till the end of June 2016)

    Although the string above qualifies for grade A in Qualys SSL labs, it's not perfect from a security standpoint. Windows Vista and XP clients on IE8 and newer can connect using TLS1.0 in combination with CBC.
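
One way to check a candidate cipher string against the three suites named in the question before putting it on the VIPs (an added example, not part of the original thread): on BIG-IP, `tmm --clientciphers '<string>'` lists the suites a string expands to, and the script below checks such a listing for the required suites at TLS 1.0. The listing is a constructed sample, its column layout is an assumption about that command's output, and the function names are hypothetical.

```python
import re

# The three suites from the question: IANA name -> (code point, OpenSSL-style name).
REQUIRED = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": (0x002F, "AES128-SHA"),
    "TLS_RSA_WITH_AES_256_CBC_SHA": (0x0035, "AES256-SHA"),
    "TLS_RSA_WITH_RC4_128_SHA": (0x0005, "RC4-SHA"),
}

# Constructed sample, NOT captured from a real system. The column layout is an
# assumption modelled on a `tmm --clientciphers '<string>'` listing; it shows
# what a string that excludes RC4 but keeps RSA/AES-CBC might expand to.
SAMPLE_LISTING = """\
       ID  SUITE                        BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49199  ECDHE-RSA-AES128-GCM-SHA256  128  TLS1.2  Native  AES-GCM SHA256  ECDHE_RSA
 1:    47  AES128-SHA                   128  TLS1    Native  AES     SHA     RSA
 2:    47  AES128-SHA                   128  TLS1.2  Native  AES     SHA     RSA
 3:    53  AES256-SHA                   256  TLS1    Native  AES     SHA     RSA
 4:    53  AES256-SHA                   256  TLS1.2  Native  AES     SHA     RSA
"""

# index, decimal suite ID, suite name, key bits, protocol
ROW = re.compile(r"^\s*\d+:\s+(\d+)\s+(\S+)\s+\d+\s+(\S+)\s")

def parse_listing(text):
    """Return the set of (code_point, protocol) pairs present in the listing."""
    offered = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header row and blank lines do not match
            offered.add((int(m.group(1)), m.group(3)))
    return offered

def coverage(text, protocol="TLS1"):
    """Map each required IANA suite name to whether it is offered at `protocol`."""
    offered = parse_listing(text)
    return {name: (code, protocol) in offered
            for name, (code, _) in REQUIRED.items()}

def client_can_connect(text, protocol="TLS1"):
    """True if at least one required suite is offered at `protocol`."""
    return any(coverage(text, protocol).values())

if __name__ == "__main__":
    for name, ok in coverage(SAMPLE_LISTING).items():
        print(f"{'offered' if ok else 'MISSING'}  {name} ({REQUIRED[name][1]})")
    print("TLS 1.0 client can negotiate:", client_can_connect(SAMPLE_LISTING))
```

To use it on a real system, replace `SAMPLE_LISTING` with the text the command prints for the string under test and adjust `ROW` if the columns differ.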