Forum Discussion

Sri_Narasimha_11's avatar
Sri_Narasimha_11
Icon for Altostratus rankAltostratus
Apr 05, 2023

Disabling Weak Ciphers

Hi Experts, We've been asked to disable the weak ciphers in F5 (12.1.2). Would like to seek help in getting the relevant ciphers disabled. Currently, it's configured as DEFAULT in SSL profiles. Sha...
  • CA_Valli's avatar
    CA_Valli
    Apr 17, 2023

    I'm running v15.1.8 and the following matches.

    DEFAULT:!TLSv1:!TLSv1_1:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256
    

     

    I built it starting from DEFAULT:!TLSv1:!TLSv1_1  and excluding explicitly the suites from your comment that still were in the list. (I noticed there was 3 repetitions; also EDH-RSA-DES-CBC3-SHA did not show up in cipher rule so there was no need to specify it)