AES_256_CBC is obsolete. Enable an AES-GCM based cipher suite.

Question

Hi Team,&nbsp;
Could someone please help me in enabling AES-GCM based cipher suite. Version I am using is "BIG-IP 11.5.4 Build 2.0.291 Hotfix HF2&nbsp;
Do let me your thoughts or experience on doing this?&nbsp;

rafaelbn · Answer

Hello Sudhir!
You're probably having a hard time enabling because this cipher is not on the default list of ciphers on v11.5.4.
You will have to edit your client/server ssl profile to add it to the possible ciphers to use. The paper K17370 explains how to do that. I believe, that your final cipher list on the client-ssl profile will be something like this:
DEFAUL:AES-GCM

Cheers! Rafael

Forum Discussion

AES_256_CBC is obsolete. Enable an AES-GCM based cipher suite.

1 Reply

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

I'm Sorry Sir, You're Obsolete

F5 predicts: The dumb firewall will become obsolete

CPU Increase when enabling AES-GCM

RSA key exchange is obsolete. Enable an ECDHE-based cipher suite

Chrome: Your connection is encrypted with obsolete cryptography with 10.2.4HF11 LTM