Forum Discussion

Altostratus

Apr 12, 2018

Configure for legacy SSL cipher suite

LTM & ASM provisioned Since the upgrade from 12.1.2 to 13.1.0.4 one of my customers has not been able to access their app. The customer is using XP and Internet Explorer 8. When the upgrad...

application delivery

LTM

nathe

Cirrocumulus

Apr 12, 2018

Duncan,

What's your current client ssl configuration for the VIP (I assume this didn't change during the upgrade)? From this URL Wikipedia WXP and IE 8 only supports TLS 1.0, 3DES and RC4. In the "Default" SSL profiles in v12 there was a 3DES cipher, but this is no longer present in the "Default" profile for v13.

Once you've found the ciphers you need you would follow this link Configuring the cipher strength for SSL profiles to create the cipher string. For example, if you were using the default clientssl profile, then creating a new, custom, clientssl profile and amending the string to be 'DEFAULT:3DES:!ADH:!EXP:!SSLv3:!LOW' would add 3DES support. Would advise to be cautious though when adding less secure ciphers.

Hope this helps,

Forum Discussion

Configure for legacy SSL cipher suite

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Legacy ASM Templates

Migrating F5 BIG-IP APM From Legacy NAC Service to Compliance Retrieval Service

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

SSL Legacy Renegotiation vs Secure Renegotiation Explained using Wireshark

Cipher Suites Supported (12.1.5.3)