Ciphers on profiles

Question

Hi!&nbsp;
Maybe this is stupid question, but I need to know if a virtual server, with ssl server and client profiles, would have any issue if on the ssl client profile uses a particular cipher (let's say TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) and on the ssl server profile uses other cipher (also let's say TLS_RSA_WITH_AES_128_GCM_SHA256.)&nbsp;
On the client profile is using a cert issued by a CA, and the server (the real one) is using a self-signed cert (the server profile is ignoring this.) SSL renegotiation is disabled using iRule on the virtual server.&nbsp;
Thank you in advance.&nbsp;

daniel_varela · Answer

There is no problem with that, actually is quite common. You can expose to the customer a strong clientssl profile where you enforce the most secure cipher string and in the server side as it may be consider a secure environment you can relax that policy by enforcing less consuming ciphers on your serverssl profile. Remember BIG-IP is a full proxy which means that client and server sides are different connections and that gives you a lot flexibility.

Forum Discussion

Ciphers on profiles

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

SSL Profiles Part 4: Cipher Suites

TMOS script for updating SSL profile cipher group and TLS versions

Cipher Suites Supported (12.1.5.3)

Disabling Weak Ciphers