Weak Ciphers - BigIP 11.5.4

Question

Hello Everyone,&nbsp;
I have BIG-IP 11.5.4 in production and below Ciphers for SSL profile:&nbsp;
DEFAULT:!RC4:!3DES&nbsp;
There are some open weak ciphers when I scan.&nbsp;
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)&nbsp;
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)&nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)&nbsp;
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)&nbsp;

Can someone please help me on this, let me know how to block these and if there are any ciphers then please share it?&nbsp;

ajaz_ahmed_3671 · Answer

Anyhelp from F5 experts.&nbsp;

samir_jha_52506 · Answer

If you have only problem with above mentioned weak cipher then use below. 
Validate these cipher in non-prod environment then go for prod. 
    DEFAULT:!RC4:!3DES:!AES256-SHA256:!AES256-SHA:!AES128-SHA256:!AES128-SHA:@STRENGTH

Update us if any issue. Happy to help.

ajaz_ahmed_3671 · Answer

Hey, thanks for your help. I'll validate the given cipher and update here.&nbsp;

Forum Discussion

Weak Ciphers - BigIP 11.5.4

3 Replies

Recent Discussions

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Related Content

Re: BigIP Report

Cipher Suites Supported (12.1.5.3)

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Disabling Weak Ciphers