Soft Disable Cipher but enable the following .....

Question

I'm looking to soft disable RSA as the key exchange but enable the following cipher string, &nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA256 &nbsp;
I've tried -RSA:AES128-CBC-SHA256 and some various similar commands but the F5 doesnt seem to accept it. &nbsp;
Can anyone guide me please? &nbsp;
I've read the following but still cant get it to work using there examples 
https://devcentral.f5.com/articles/cipher-suite-practices-and-pitfalls-25564&nbsp;

anesh · Answer

If you want to remove cipher suites using RSA key Exchange, try below:
DEFAULT:!RSA

anesh · Answer

Can you provide the output of the below commands
tmm --clientciphers '-RSA:AES128-SHA256'

and
tmm --clientciphers '-RSA:RSA+AES+SHA'

Forum Discussion

Soft Disable Cipher but enable the following .....

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Disabling Weak Ciphers

Disabling Ciphers

Cipher Suites Supported (12.1.5.3)

Cipher suite mismatch advertisement/warning

How to disable weak cipher from Client SSL Profile