bluestar007_339
Nov 12, 2017Nimbostratus
cipher help
Hi, BIG IP 11.5
I have the following profile
ltm profile client-ssl clientssl {
alert-timeout 10
app-service none
authenticate once
authenticate-depth 9
ca-file none
cache-size 262144
cache-timeout 3600
cert default.crt
cert-extension-includes { basic-constraints subject-alternative-name }
cert-key-chain {
default {
cert default.crt
key default.key
}
}
chain none
ciphers DEFAULT
client-cert-ca none
crl-file none
handshake-timeout 10
inherit-certkeychain false
key default.key
mod-ssl-methods disabled
mode enabled
options { dont-insert-empty-fragments }
passphrase none
peer-cert-mode ignore
renegotiate-max-record-delay indefinite
renegotiate-period indefinite
renegotiate-size indefinite
renegotiation enabled
secure-renegotiation require
strict-resume disabled
unclean-shutdown enabled
ltm profile client-ssl test {
app-service none
cert digicert.crt
cert-key-chain {
digicert {
cert digicert.crt
chain gdigicertchain.crt
key digicert.key
}
}
chain gdigicertchain.crt
defaults-from clientssl
inherit-certkeychain false
key digicert.key
passphrase none
}
I need to change the cipher suite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
If I change ' CIPHER' in the test profile does it work ? .Or Need to do something else .
ltm profile client-ssl test {
app-service none
cert digicert.crt
cert-key-chain {
digicert {
cert digicert.crt
chain gdigicertchain.crt
key digicert.key
}
}
chain gdigicertchain.crt
**ciphers DEFAULT:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS**
defaults-from clientssl
inherit-certkeychain false
key digicert.key
passphrase none
}