Cipher string for "fussy" server

Question

I am trying to connect to an https server, but cannot get it to accept the ciphers offered in the clientHello on the BigIP.&nbsp;
Would someone please help me with the cipher string to put in my serverssl profile? The bigip is running v11.1&nbsp;
According to openssl, the server supports the following ciphers:&nbsp;
 &nbsp;
  Supported Cipher(s):&nbsp;
    Accepted  TLSv1  128 bits  DHE-DSS-AES128-SHA&nbsp;
    Accepted  SSLv3  128 bits  DHE-DSS-AES128-SHA&nbsp;
    Accepted  SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA&nbsp;
    Accepted  SSLv3  56 bits   EDH-DSS-DES-CBC-SHA&nbsp;
    Accepted  SSLv3  40 bits   EXP-EDH-DSS-DES-CBC-SHA&nbsp;
    Accepted  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA&nbsp;
    Accepted  TLSv1  56 bits   EDH-DSS-DES-CBC-SHA&nbsp;
    Accepted  TLSv1  40 bits   EXP-EDH-DSS-DES-CBC-SHA&nbsp;
 &nbsp;
  Prefered Server Cipher(s):&nbsp;
    SSLv3  128 bits  DHE-DSS-AES128-SHA&nbsp;
    TLSv1  128 bits  DHE-DSS-AES128-SHA&nbsp;
 &nbsp;

nitass · Answer

i do not see DSS in ciphers supported list.&nbsp;
&nbsp;
sol13163: SSL ciphers supported by BIG-IP SSL profiles (11.x)&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html&nbsp;

uni · Answer

Brilliant. Thanks nitass. We hopefully just need them to put certificates with RSA keys on the server.

Forum Discussion

Cipher string for "fussy" server

2 Replies

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

Cipher Suite Practices and Pitfalls

Disabling Weak Ciphers

Disable below cipher