Forum Discussion

Nimbostratus

Nov 12, 2017

cipher help

Hi, BIG IP 11.5 I have the following profile ltm profile client-ssl clientssl { alert-timeout 10 app-service none authenticate once authenticate-depth 9 ca-file none cache-size 262144 cache-...

application delivery

BIG-IP

Hannes_Rapp

Nimbostratus

Yup, apply custom cipher configuration to your custom profile, or even better, refer to model below. I've found it's best to leave default vendor profiles untouched at all times. But I also do not want to waste time repeating same custom settings across many app-specific profiles. So I found 3-tiered models work the best. Here's what I do:

```
clientssl
```
(vendor default). Always untouched
```
clientssl_base
```
(defaults-from clientssl). Here I apply my custom configurations to be used across all app-specific profiles. Advantage of having this profile - I only have to define my custom configurations, i.e. preferred cipher suites just once without having to alter vendor defaults.
```
clientssl_appspecific
```
. (defaults-from clientssl_base). This profile has application-specific TLS cert/key pair attached to it, cipher configuration and all other settings are derived from clientssl_base profile.

bluestar007_339

Nimbostratus

Nov 12, 2017

Hi, Thanks for the reply .

If the BOX does not support "ECDH+AESGCM" suite ,what is the point adding in profile . How do I make sure that box support ECDH+AESGCM

Thanks

Forum Discussion

cipher help

Recent Discussions

BWC iRule

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Related Content

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

Cipher Suite Practices and Pitfalls

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites