Forum Discussion

rgordon_01's avatar
rgordon_01
Icon for Nimbostratus rankNimbostratus
Sep 06, 2018

SSL profile Cipher string

I upgraded our LTM device from 12.1.2 to 13.1.1 and some of the default ciphers were removed which broke the handshake for some of our older clients. This is the cipher the client uses that worked in 12.1.2 (seen in wiresharKk) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA When I run tmm --clientciphers DEFAULT - on the 13.1.1 box I can see that is no longer in the defaults. when I run the same command on the 12.1.2 box I do see it (below)

 

   ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX

28: 10 DES-CBC3-SHA 168 TLS1 Native DES SHA RSA

 

My question is -how do I enter that as a cipher string in the SSL profile ? is it just DES or is it DES-CBC3-SHA I would test both but this in production so I can't keep flipping between the new and old code (active and standby) just to test. hopefully this is an easy answer but I couldn't find online anywhere telling exactly which string to use for which suite.