Aviv
Jul 12, 2015Cirrus
SSL Ciphers
Hi!
i have big-ip 11.5.1
according to ssllabs.com test i need to config only this ciphers on ssl profile :
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 1...
Because of the recent Logjam vulnerabilities targeting Diffie-Helman
A recommended course of action is to simply prefer ECDHE (instead of DHE). So a good cipher string would be something like this:
!SSLv2:!EXPORT:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:-MD5:-SSLv3:-RC4