Exact syntax for SSL ciphers

Question

Hi,&nbsp;
Trying to help a coworker with an SSL Client profile request with custom ciphers.
So far I have been able to see the ciphers supported on F5 but not the exact syntax when you configure them.&nbsp;
I checked the TMSH manual and did some searching on KB but all i find are strengths of ciphers and so on - nothing on the way the ciphers have to be written (i.e : TLS1.2 is TLSv_1.2)&nbsp;
Apologies in advance if I missed something obvious.&nbsp;

iainthomson85_1 · Answer

The best thing to do - is view the ciphers that are currently in use via CLI.&nbsp;
How its displayed in the CLI (Bash) is how it should be put into the Client SSL Profile (I'm assuming that's where you want to disable them)&nbsp;
Alternatively the Client SSL profile also gives you options to do things the easy way like "Disable all SSL Ciphers" under the options section...&nbsp;

alin_olar_24603 · Answer

The Problem is i want to add ciphers , not remove them.
Hence the issue with knowing the syntax.&nbsp;

iainthomson85_1 · Answer

What Cipher do you want to use ? 
Ciphers are included in the version of OpenSSL that the BigIP is running.&nbsp;

alin_olar_24603 · Answer

This is what the request looks like :&nbsp;
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'&nbsp;
SSLProtocol -ALL +TLSv1.1 +TLSv1.2&nbsp;

Forum Discussion

Exact syntax for SSL ciphers

4 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

Cipher Suite Practices and Pitfalls

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites