Danny_Cabrera_3
Jan 09, 2019Nimbostratus
Weak Ciphers Supported
Hello, BIG IP F5 LTM 12.1.2, Hotfix-BIGIP-12.1.2.2.0.276-HF2
I have one ssl client profile with the following cipher:DEFAULT:!3DES:!DHE!TLSv1:!TLSv1_1
When I perform an SSL scan of the associated domain, it shows as vulnerable:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DH 1024 bit, WEAK DH Group Size) TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (DH 1024 bit, WEAK DH Group Size) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DH 1024 bit, WEAK DH Group Size)
On the same SSL profile, I also configure this chain: !EXPORT:!3DES:!DHE:!DH:!MD5:!SSLV3:!DTLv1:!ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:!TLSv1_1:tlsV1_2
I have the same problem ¿Could you help me to fix it?
TLS_DHE_RSA_WITH_AES_128_CBC_SHA