Amending clientssl ciphers with TMSH
Guys,
Hopefully someone has already covered this one but I have the following clientssl profile
ltm profile client-ssl pw_clientssl {
cert pw.bigip.test.com.crt
ciphers DEFAULT
defaults-from clientssl
key pw.bigip.test.com.key
}
with the default clientssl as follows:
ltm profile client-ssl clientssl {
alert-timeout 60
authenticate once
authenticate-depth 9
ca-file none
cache-size 262144
cache-timeout 3600
cert default.crt
chain none
ciphers DEFAULT
client-cert-ca none
crl-file none
handshake-timeout 60
key default.key
mod-ssl-methods disabled
mode enabled
options { dont-insert-empty-fragments }
passphrase none
peer-cert-mode ignore
renegotiate-max-record-delay 10
renegotiate-period indefinite
renegotiate-size indefinite
renegotiation disabled
strict-resume disabled
unclean-shutdown enabled
}
I am wanting to test amending the ciphers from default to either of the following without success using tmsh.
HIGH:MEDIUM:!SSLv2 or -ALL:RC4:!SSLv2:!NULL:!ADH:!LOW:!EXP:+LSv1:+SSLv3:HIGH:MEDIUM
If i use the following:
tmsh modify ltm profile client-ssl pw_clientssl ciphers HIGH:MEDIUM:!SSLv2
tmsh modify ltm profile client-ssl pw_clientssl ciphers -ALL:RC4:!SSLv2:!NULL:!ADH:!LOW:!EXP:+LSv1:+SSLv3:HIGH:MEDIUM
I receive error: -bash: !SSLv2: event not found
Surely I can amend the ciphers string with TMSH?
Any ideas chaps as I've followed the tmsh documentation and there's nothing else I can currently think of?