Server SSL Profile

Question

Can someone explain this in the server ssl profile properties. I thought that the BIG-IP was server cipher preference. So between the BIG-IP and server the BIG-IP is the client. But from the statement below this is saying the opposite. Please explain.&nbsp;
Cipher server preference: When the BIG-IP system chooses a cipher, this option uses the server's preferences instead of the client preferences. When this option is not set, the SSL server always follows the clients preferences. When this option is set, the SSLv3/TLSv1 server chooses by using its own preferences. For SSLv2, the server sends its list of preferences to the client, and the client always chooses the cipher.&nbsp;

kevin_k_51432 · Answer

Greetings,&nbsp;
I think the intent of this option is to cause BIG-IP to pause the client side SSL connection, handshake with the server, get the server's cipher and then negotiation with the client using that cipher. However, I don't believe this option works based on this article which probably needs an update:&nbsp;
https://support.f5.com/csp/article/K12390&nbsp;
Hope this is helpful!&nbsp;
Kevin&nbsp;

sip_354925 · Answer

Thanks for the response and explanation. Agreed. That article needs an update.&nbsp;

kevin_k_51432 · Answer

Your welcome. I've requested an update for the article. &nbsp;
After digging in a bit more, I'd like to confirm that you were correct in your initial summary:&nbsp;
"I thought that the BIG-IP was server cipher preference"&nbsp;
So if this bug is fixed, either the option will be removed, or another possible option could be to move this into the enabled box of the SSL profile.&nbsp;
Kevin&nbsp;

sip_354925 · Answer

Thanks!!&nbsp;

Forum Discussion

Server SSL Profile

4 Replies

Recent Discussions

About custome Response Blocking Page

Office Online Server with SharePoint 2016

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

Related Content

Server Profile SNI

Client vs Server SSL profile

Check a Virtual Server's SSL Status

SSL PROFILE - How to use multiple SSL Profile Client in Virtual Server

Modify SSL profiles via REST API