Are you monitoring your SSL Cipher strings?

Keeping track on your SSL cipher strings has always been a head ache of F5 administrators. There are good tools out there, like Qualys SSL Labs that does a good job at scanning and finding flaws in your SSL configuration, and it even has an API you can use.


However, one needs to always use DNS to scan the sites and that can be challenging to automate even with the F5 iControl API. This is where Indeni can help by scanning the actual configuration on the F5 rather than having a script guess the different DNS's associated with each virtual server. On top of that you even get the possibility to scan internal services.


Qualys, or a tool is great too as they specialize 100% on SSL and gives you best practices as well as warning about weak ciphers, but they certainly do complement each other to make your environment safe.

Is this one of the alerts?

https://indeni.com/alerts/weak-cipher-used-with-ssl-profiles-for-f5/