Forum Discussion

Duncan_Proffitt's avatar
Duncan_Proffitt
Icon for Altostratus rankAltostratus
Apr 12, 2018

Configure for legacy SSL cipher suite

LTM & ASM provisioned

 

Since the upgrade from 12.1.2 to 13.1.0.4 one of my customers has not been able to access their app.

 

The customer is using XP and Internet Explorer 8. When the upgrade happened, there was an adjustment of the types of ciphers used and some were taken off. One of the ones taken off used a 128 bit cipher suite and we would need a process of elimination to find out which one .. which isnt the problem. As the application, operating system needed and browser used are all legacy software, I am struggling to come up with options on how to add the missing cipher.

 

Any suggestions would be gratefully received.

 

application delivery
LTM

1 Reply

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Apr 12, 2018

    Duncan,

     

    What's your current client ssl configuration for the VIP (I assume this didn't change during the upgrade)? From this URL Wikipedia WXP and IE 8 only supports TLS 1.0, 3DES and RC4. In the "Default" SSL profiles in v12 there was a 3DES cipher, but this is no longer present in the "Default" profile for v13.

     

    Once you've found the ciphers you need you would follow this link Configuring the cipher strength for SSL profiles to create the cipher string. For example, if you were using the default clientssl profile, then creating a new, custom, clientssl profile and amending the string to be 'DEFAULT:3DES:!ADH:!EXP:!SSLv3:!LOW' would add 3DES support. Would advise to be cautious though when adding less secure ciphers.

     

    Hope this helps,

     

    N