Clearing up cipher question marks

I would love some help on which ciphers to use. It’s unclear how the configuration works and how the so-called cipher strings work.

Great question! Ciphers are a common headache and it can be tricky to de-cipher the strings (pardon the pun). Essentially you can use some keywords which could mean different things depending on which version of F5 you use. An example is the word DEFAULT, which would include SSLv3 on e.g. v10.

It’s easy to test if you are vulnerable to some attacks targeting weak ciphers by using e.g. Qualys SSL Labs. And of course, if you want this automated you can use Indeni to do it for you.
This article describes the details well:
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-custom-cipher-ssl-negotiation-configuration-13-0-0/1.html

/Patrik

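Because a keyword such as DEFAULT expands differently per version, one way to audit a cipher string is to expand it on the BIG-IP itself with `tmm --clientciphers '<string>'` and review the resulting list. The script below is an added example, not part of the original posts: it parses a listing in that column layout and flags weak entries. The sample rows are constructed, and the sets of protocols, ciphers and MACs treated as weak are assumptions to adjust to your own policy.

```python
import re

# Assumed policy: what to treat as weak (adjust to your requirements).
WEAK_PROTOCOLS = {"SSL2", "SSL3"}
WEAK_CIPHERS = {"RC4", "DES", "RC2", "NULL"}   # "DES" also covers 3DES rows
WEAK_MACS = {"MD5"}
MIN_BITS = 128

# Constructed sample in the layout printed by `tmm --clientciphers`.
SAMPLE = """\
       ID  SUITE                        BITS PROT    METHOD  CIPHER   MAC     KEYX
 0:     5  RC4-SHA                      128  SSL3    Native  RC4      SHA     RSA
 1:     5  RC4-SHA                      128  TLS1    Native  RC4      SHA     RSA
 2:    47  AES128-SHA                   128  TLS1.2  Native  AES      SHA     RSA
 3: 49199  ECDHE-RSA-AES128-GCM-SHA256  128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 4:    10  DES-CBC3-SHA                 168  SSL3    Native  DES      SHA     RSA
"""

# index: id suite bits prot method cipher mac keyx
ROW = re.compile(r"^\s*\d+:\s+(\d+)\s+(\S+)\s+(\d+)" + r"\s+(\S+)" * 5 + r"\s*$")

def parse(listing):
    """Return one dict per cipher row; header and blank lines are skipped."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            _id, suite, bits, prot, _method, cipher, mac, keyx = m.groups()
            rows.append({"suite": suite, "bits": int(bits), "prot": prot,
                         "cipher": cipher, "mac": mac, "keyx": keyx})
    return rows

def findings(listing):
    """Return (suite, protocol, reasons) for every row that violates the policy."""
    out = []
    for r in parse(listing):
        reasons = []
        if r["prot"] in WEAK_PROTOCOLS:
            reasons.append("protocol " + r["prot"])
        if r["cipher"] in WEAK_CIPHERS:
            reasons.append("cipher " + r["cipher"])
        if r["mac"] in WEAK_MACS:
            reasons.append("MAC " + r["mac"])
        if r["bits"] < MIN_BITS:
            reasons.append("%d-bit key" % r["bits"])
        if reasons:
            out.append((r["suite"], r["prot"], reasons))
    return out

if __name__ == "__main__":
    for suite, prot, reasons in findings(SAMPLE):
        print("%-30s %-7s %s" % (suite, prot, ", ".join(reasons)))
```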