Adding Cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA"

Here is a solution which has a section for how to configure the ssl profile to include a specific SSL cipher: SLO13171

Note that if you add this cipher and you're still running 11.4.1 HF3 you will make yourself vulnerable to CVE-2014-8730 (TLS POODLE) - see SOL15882.

I'd recommend upgrading to a fixed version, such as 11.4.1 HF8, which has a code fix for this. Then you could go back to a string such as "DEFAULT:!SSLv3" (you still need to disable SSLv3 for POODLE). SSLv2 is disabled by default, so you don't need !SSLv2 - but using it doesn't hurt.

Thanks all for the reply.

I am having list of cipher suites.Whether all the below ciphers are vulnerable .

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DH_RSA_WITH_AES_256_CBC_SHA TLS_DH_DSS_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DH_RSA_WITH_AES_128_CBC_SHA TLS_DH_DSS_WITH_AES_128_CBC_SHA

thanks

ALL ciphers except for RC4 are vulnerable to CVE-2014-8730. (AES-GCM is not, but BIG-IP doesn't support that until 11.5.0.) Unless you have a patched release (as per SOL15882) the ONLY non-vulnerable cipher is RC4. All other ciphers are CBC-mode, even if they don't have 'CBC' in the name, and all CBC ciphers are vulnerable.