SSL Labs A rating - 2017 Jan update

Question

SSL Labs will change their rating. It will give penalties if still using 3DES with TLS 1.1 and newer protocol. 
How could I configure Bigip to support this ? But still support 3DES with TLS 1.0. &nbsp;
https://blog.qualys.com/ssllabs/2017/01/18/ssl-labs-grading-changes-january-2017&nbsp;
I´m using this chiper settings on the profile: 
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4:@STRENGTH&nbsp;

leonardo_souza · Answer

I don't think that is possible, when you disable 3DES it will be for all protocols.
You can check what protocols will be used with this command:
tmm --clientcipher "cipher"

Your cipher in a v13 box, only shows AES.

kai_wilke · Answer

Hi Magnus,&nbsp;
you may check out my post...&nbsp;
https://devcentral.f5.com/questions/howto-getting-an-awesome-qualys-ssl-labs-rating-feb-2017-update-51489&nbsp;
The post contains a chipher string that supports 3DES for TLS1.0, TLS1.1 and TLS1.2 but achives an A or even A+ rating by placing DES to the very buttom of the list. &nbsp;
Note: Please review the comments of my post. They are containing additional information to secure DH and 3DES usage.&nbsp;
Cheers, Kai&nbsp;

carlitos05 · Answer

Kai, your post does not exist any more?

lidev · Answer

Hi Carlitos,&nbsp;The link is valid here :https://devcentral.f5.com/s/feed/0D51T00006aEjM9SAK&nbsp;if you are running v13.x or 14.x of BIG-IP, you can now configure a custom cipher group using the Configuration utility.&nbsp;Regards

Forum Discussion

SSL Labs A rating - 2017 Jan update

4 Replies

Recent Discussions

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Related Content

F5 Labs Publishes October Update to Sensor Intel Series

Building a lab using Proxmox

Auditing Security Policy Updates

Achieving an SSL Labs A+ score with F5 products

F5 Labs - Helpers Behind the Scenes