Forum Discussion
Hello
Configure cipher strength in your profile
https://support.f5.com/csp/article/K13171
Cipher list based on your release
https://support.f5.com/csp/article/K13156
Compilation of KB articles about ciphers
https://support.f5.com/csp/article/K8802
KR,
Dario.
Jun 10, 2019
BTW, "TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)" is weak because of the key exchange (it's not ephemeral).
You can configure your ciphersuite as "DEFAULT:!RSA" to avoid using non-ephemeral key exchanges.
# tmm --clientciphers DEFAULT:\!RSA
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 EDH/RSA
1: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 EDH/RSA
2: 107 DHE-RSA-AES256-SHA256 256 TLS1.2 Native AES SHA256 EDH/RSA
3: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA
4: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA
5: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA
6: 57 DHE-RSA-AES256-SHA 256 DTLS1 Native AES SHA EDH/RSA
7: 103 DHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 EDH/RSA
8: 51 DHE-RSA-AES128-SHA 128 TLS1 Native AES SHA EDH/RSA
9: 51 DHE-RSA-AES128-SHA 128 TLS1.1 Native AES SHA EDH/RSA
10: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH/RSA
11: 51 DHE-RSA-AES128-SHA 128 DTLS1 Native AES SHA EDH/RSA
12: 22 DHE-RSA-DES-CBC3-SHA 168 TLS1 Native DES SHA EDH/RSA
13: 22 DHE-RSA-DES-CBC3-SHA 168 TLS1.1 Native DES SHA EDH/RSA
14: 22 DHE-RSA-DES-CBC3-SHA 168 TLS1.2 Native DES SHA EDH/RSA
15: 22 DHE-RSA-DES-CBC3-SHA 168 DTLS1 Native DES SHA EDH/RSA
16: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
17: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
18: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
19: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
20: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
21: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
22: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
23: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
24: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
25: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
26: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1 Native DES SHA ECDHE_RSA
27: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.1 Native DES SHA ECDHE_RSA
28: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.2 Native DES SHA ECDHE_RSA
KR,
Dario.
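
Added example, not part of the original posts: a small shell check that reads a `tmm --clientciphers` table on stdin and lists every suite whose KEYX column is not ephemeral (not EDH or ECDHE), which is the property the reply above is about. The function names and the sample rows are constructed for illustration; the rows only mimic the column layout shown above.

```shell
#!/bin/sh
# Audit a `tmm --clientciphers` table for suites without ephemeral key exchange.
# Prints one line per offending suite and returns 1 if any were found.
non_ephemeral_suites() {
    awk '
        # Data rows start with "<index>:"; the header row does not.
        $1 ~ /^[0-9]+:$/ && NF >= 9 {
            keyx = $NF                      # last column is KEYX
            if (keyx !~ /^(EDH|DHE|ECDHE)/) {
                # $2 = suite ID (decimal), $3 = suite name, $5 = protocol
                printf "%s (0x%04x) %s keyx=%s\n", $3, $2 + 0, $5, keyx
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input (hypothetical rows in the same layout as the
# output above), with two static-RSA suites mixed in.
sample_table() {
    cat <<'EOF'
       ID  SUITE                        BITS PROT    METHOD  CIPHER   MAC     KEYX
 0:   159  DHE-RSA-AES256-GCM-SHA384    256  TLS1.2  Native  AES-GCM  SHA384  EDH/RSA
 1:   157  AES256-GCM-SHA384            256  TLS1.2  Native  AES-GCM  SHA384  RSA
 2: 49200  ECDHE-RSA-AES256-GCM-SHA384  256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 3:    53  AES256-SHA                   256  TLS1.1  Native  AES      SHA     RSA
EOF
}

# Run against the constructed sample; on a BIG-IP the input would instead be
#   tmm --clientciphers '<your cipher string>' | non_ephemeral_suites
sample_table | non_ephemeral_suites || echo "non-ephemeral key exchange present"
```

Suite ID 157 is printed as 0x009d, the same suite the reply calls out as "(0x9d)".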