Pat_70435
Aug 28, 2017Altocumulus
Question on SSL Ciphers - Default SSL profile
Has anyone ever resolved any issues pre upgrades with the F5 regarding server side SSL Profiles and their incompatibility?
I was looking for a way to determine and find what servers will not be compatible with my default serverssl profiles after I upgrade my F5. With moving to the newer versions of code I understand that some SSL Ciphers will be added and others will be removed for security purposes.
I understand that in order to temporarily resolve these issues I can configure the "serverssl-insecure-compatible" option on a VIP. I have a couple hundred VIPs, is there any way to search what VIPs or Servers will not be compatible via the default SSL Server Side Profile in order to reduce impact to those VIPs?