Forum Discussion

cebrerosrechie's avatar
cebrerosrechie
Icon for Nimbostratus rankNimbostratus
Oct 20, 2023

serverssl cipher suites

Hi,

Is there an easier way to know what are the cipher suites that the backend server (pool member) can support? I have read an article but it requires to create a script. I know there is openssl but this will only show the cipher that the backend server used to communicate back with F5.

So I was thinking like if from F5 perspective will it be able to perform an sslscan what are the available ciphers suites the backend server can support?

Thanks, and regards,

Rechie

application delivery
certificate
LTM
ssl
sslhandshake

2 Replies

Sort By
  • Amine_Kadimi's avatar
    Amine_Kadimi
    Icon for MVP rankMVP
    Oct 21, 2023

    The way the SSL Handshake works is that the client sends its supported ciphers and the server picks one of them, so to check what ciphers are supported by the server from a client point, you need to loop through an exhaustive list of ciphers one by one and try to connect to the server, this is why it needs to be scripted. I don't think F5 provides such script. If you can't use other options apart from F5 point, you can search for a bash, pythor or perl script to run from F5, but you will need to provide it with accurate list of ciphers. I would rather use other options as it's not the job of F5 to list server ciphers

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Oct 23, 2023

    cebrerosrechie I'm not sure what you are attempting to solve for here. Most if not all HTTPS server applications will have a document that tells you what the SSL ciphers supported based on the configuration you have in place, especially if you haven't modified the cipher suite from the default. As an example, the following link shows you where the SSL cipher suite is configured in apache.

    https://www.namecheap.com/support/knowledgebase/article.aspx/10100/38/cipher-suites-configuration-for-apache-nginx/