dlogsdonmd
Jun 14, 2017Nimbostratus
Block Ciphers F5 LTM
Hello, I want to block specific ciphers on my LTM. We use a common SSL client profile for a good chunk of our sites/subdomains. Below are the two ciphers I want to block (SSL Labs reports them as weak). Below that is what we currently have on our SSL client profile.
We're running LTM 11.5.1 build 6.0 hotfix FH6
Ciphers need to block:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Currently configured on LB:
DEFAULT:!SSLv3:!RC4
Should SLL profile be updated as below?
DEFAULT:!SSLv3:!RC4:!3DES
I don't want to guess so appreciate any assistance provided.
Thanks in advance.
Diane