Hi, We have applied verisign wildcard certificate for all our application as a client side certificate. We get B SSL ratings for our applications because of ciphers negotiated - This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. We have DEFAULT ciphers in client side profile. how can i disable all weak ciphers? Will it make any impact on site access? Regards

Assuming you want to keep everything as-is, and just take out DH: (apply the custom cipher to your client-ssl profile) DEFAULT:!DH You can also see the full list of cipher suites that will still be enabled after your change. (execute in BigIP BASH shell) tmm --clientciphers 'DEFAULT:!DH' More ways to configure your custom client-ssl cipher string, refer to https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

Hi Thanks for the quick reply. I applied below !DH:ECDHE:DHE:DHE_DSS:!LOW:!MEDIUM:@STRENGTH i am still failing in below - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK

You can check here for optimal cipher configs: https://devcentral.f5.com/s/feed/0D51T00006i7cGzSAI . Perhaps PCI DSS 3.1 suite (my second reply in thread) will be good for you if you're looking to harden it a bit further. In regards to your recently reported 'weak' cipher suites, they are more in the pseudo-security category. You can safely ignore them without taking any action for now, but make sure to revise it somewhere in 2017.

Weak Ciphers | DevCentral

10 Replies

Hannes_Rapp_162
Nacreous
Jun 20, 2016
Assuming you want to keep everything as-is, and just take out DH:

(apply the custom cipher to your client-ssl profile)

DEFAULT:!DH

You can also see the full list of cipher suites that will still be enabled after your change.

(execute in BigIP BASH shell)

tmm --clientciphers 'DEFAULT:!DH'

More ways to configure your custom client-ssl cipher string, refer to https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html
- Nuruddin_Ahmed_
  Cirrostratus
  Jun 20, 2016
  Hi Thanks for the quick reply. I applied below !DH:ECDHE:DHE:DHE_DSS:!LOW:!MEDIUM:@STRENGTH i am still failing in below - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK
- Hannes_Rapp_162
  Nacreous
  Jun 20, 2016
  You can check here for optimal cipher configs: https://devcentral.f5.com/s/feed/0D51T00006i7cGzSAI . Perhaps PCI DSS 3.1 suite (my second reply in thread) will be good for you if you're looking to harden it a bit further. In regards to your recently reported 'weak' cipher suites, they are more in the pseudo-security category. You can safely ignore them without taking any action for now, but make sure to revise it somewhere in 2017.
Hannes_Rapp
Nimbostratus
Jun 20, 2016
Assuming you want to keep everything as-is, and just take out DH:

(apply the custom cipher to your client-ssl profile)

DEFAULT:!DH

You can also see the full list of cipher suites that will still be enabled after your change.

(execute in BigIP BASH shell)

tmm --clientciphers 'DEFAULT:!DH'

More ways to configure your custom client-ssl cipher string, refer to https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html
- Nuruddin_Ahmed_
  Cirrostratus
  Jun 20, 2016
  Hi Thanks for the quick reply. I applied below !DH:ECDHE:DHE:DHE_DSS:!LOW:!MEDIUM:@STRENGTH i am still failing in below - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK
- Hannes_Rapp
  Nimbostratus
  Jun 20, 2016
  You can check here for optimal cipher configs: https://devcentral.f5.com/questions/pci-cipher-set . Perhaps PCI DSS 3.1 suite (my second reply in thread) will be good for you if you're looking to harden it a bit further. In regards to your recently reported 'weak' cipher suites, they are more in the pseudo-security category. You can safely ignore them without taking any action for now, but make sure to revise it somewhere in 2017.
Vijay_E
Cirrus
Jun 20, 2016
Give this link a try and see if it improves your SSL Cipher grade.
Vijay_E
Cirrus
Jun 21, 2016
Which code version are you using ? What kind of errors/mistakes to correct are you seeing when checking the SSL Cipher Grade ?

Have you explored these options:

http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html

http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html

Saravanan_M_K

Employee

Jun 22, 2016

Hi Nuruddin,

What version (including HF if any) are you running? Because the default cipher suites for the keyword DEFAULT that comes with different bigip versions are different.

For e.g. on a 11.6-HF6, you can use 'ECDHE:DEFAULT:!DHE:!3DES' which will produce the following cipher suites:

 tmm --clientciphers 'ECDHE:DEFAULT:!DHE:!3DES'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
 2: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA
 3: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
 4: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
 5: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 6: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
 7: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA
 8: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
 9: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA
10:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM  SHA384  RSA
11:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM  SHA256  RSA
12:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
13:    53  AES256-SHA                       256  TLS1    Native  AES     SHA     RSA
14:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA
15:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA
16:    53  AES256-SHA                       256  DTLS1   Native  AES     SHA     RSA
17:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA
18:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA
19:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA
20:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA
21:    47  AES128-SHA                       128  DTLS1   Native  AES     SHA     RSA

In case if you don't want to support TLSv1, you can use 'ECDHE:DEFAULT:!DHE:!3DES:!TLSv1' which produces the following (on 11.6-HF6):

  tmm --clientciphers 'ECDHE:DEFAULT:!DHE:!3DES:!TLSv1'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
 2: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
 3: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
 4: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 5: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
 6: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
 7: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA
 8:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM  SHA384  RSA
 9:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM  SHA256  RSA
10:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
11:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA
12:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA
13:    53  AES256-SHA                       256  DTLS1   Native  AES     SHA     RSA
14:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA
15:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA
16:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA
17:    47  AES128-SHA                       128  DTLS1   Native  AES     SHA     RSA

If you also do not want to use the weaker SHA1, you can use: 'ECDHE:DEFAULT:!DHE:!3DES:!TLSv1:!SHA1' which will produce the following:

 tmm --clientciphers 'ECDHE:DEFAULT:!DHE:!3DES:!TLSv1:!SHA1'
      ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
2: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
3: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
4:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM  SHA384  RSA
5:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM  SHA256  RSA
6:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
7:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA

But in this case remember that you will end up with only TLS1.2 cipher suites. That means those older clients which has only support for TLSv1.1 will be affected. So depending on your requirement, configure the appropriate cipher suite string.

Like I said earlier the default cipher suites for the keyword 'DEFAULT' is different for different BIGIP versions. So better check the above commands from the exact version you are using.

-- Saravanan

Nuruddin_Ahmed_
Cirrostratus
Jun 23, 2016
Hi,

I had raised the TAC for this case and it worked with below -

In order to achieve the A rating, would you be able to test one VS by modifying it's SSL profile with following cipher suites ? ECDHE:!LOW:!MEDIUM:@STRENGTH

tmm --clientciphers 'ECDHE:!LOW:!MEDIUM:@STRENGTH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX

0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA

1: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA

2: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA

3: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA

4: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA

5: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA

6: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA

7: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA

Many applications stopped working after i applied this as we have some applications which are accessed from client software and few client software supports only weak ciphers.

Forum Discussion

Weak Ciphers

10 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites

How to disable weak cipher from Client SSL Profile

Cipher Suites Supported (12.1.5.3)

Lightboard Lessons: Choosing Strong vs Weak Ciphers