F5 ciphersuite syntax
Help me understand F5 ciphersuite syntax please: https://support.f5.com/csp/article/K13400
In the client-ssl ciphers syntax the article states that if you want to support TLS1.0 and SSL3.0 do the following:
tmsh create /ltm profile client-ssl ciphers DEFAULT:-SSLv3:-TLSv1:RC4-SHA
If you don't want to allow SSLv3 do the following:
tmsh create /ltm profile client-ssl ciphers DEFAULT:!SSLv3:-TLSv1:RC4-SHA
that would make sense because the exclamation mark (!) negates that protocol.
In the same article to disable all protocols except TLS1.2 for management access the syntax is as follows:
modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:-TLSv1:-SSLv3:RC4-SHA'
Logic seems to suggest that this syntax is allowing protocols from SSLv3 and above. Meaning allow 'ALL' except those with the '!' and then explicitly allowing TLSv1 and SSLv3 (and above).
Since the article says I'm wrong how an I supposed to read this??? Confused!!!