Wednesday, June 3, 2009

Restricting Weak SSL Ciphers, F5 BigIP

v9.x Software

SSL functions are performed and configured using SSL client and server profiles. To configure server SSL profiles, replace the clientssl parameter with serverssl.

Using the GUI

Assuming you use it as the parent profile, modify the built-in clientssl profile cipher list as follows:
  1. Browse to Local Traffic > Profiles > SSL > Client
  2. Select the clientssl profile
  3. Select Configuration > Advanced
  4. Enter the following in the Ciphers text box: -ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM
  5. Click Update

All profiles using the clientssl parent profile are automatically updated.

Profiles not using this parent profile will have to be manually updated, selecting the relevant profile at step 2.

Using the CLI

bigpipe profile clientssl clientssl \{ ciphers \-ALL:\!ADH:\!LOW:\!EXP:\!SSLv2:RC4:RSA:HIGH:MEDIUM\ \}
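
An added example, not from the original page or from F5: a simplified Python model of OpenSSL-style cipher-list operators, run over a small constructed catalogue, to compare the GUI string from step 4 with the string in the CLI command. The catalogue, its tags and the function names are assumptions; BIG-IP's own parser and suite list may differ.

```python
# Added example: simplified model of OpenSSL-style cipher-list rules.
# CATALOGUE is constructed for illustration; it is not BIG-IP's real suite list.
CATALOGUE = {
    "RC4-SHA":         {"RC4", "RSA", "MEDIUM"},
    "RC4-MD5":         {"RC4", "RSA", "MEDIUM"},
    "AES256-SHA":      {"RSA", "HIGH"},
    "AES128-SHA":      {"RSA", "HIGH"},
    "DES-CBC3-SHA":    {"RSA", "HIGH"},
    "DES-CBC-SHA":     {"RSA", "LOW"},
    "EXP-RC4-MD5":     {"RC4", "RSA", "EXP"},
    "EXP-DES-CBC-SHA": {"RSA", "EXP"},
    "NULL-SHA":        {"RSA", "NULL"},
    "ADH-AES256-SHA":  {"ADH", "HIGH"},
    "ADH-RC4-MD5":     {"ADH", "RC4", "MEDIUM"},
    "DES-CBC3-MD5":    {"SSLv2", "RSA", "HIGH"},
    "RC2-CBC-MD5":     {"SSLv2", "RSA", "MEDIUM"},
}
WEAK_TAGS = {"ADH", "LOW", "EXP", "SSLv2", "NULL"}
GUI_STRING = "-ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM"  # step 4
CLI_STRING = "-ALL:!ADH:!LOW:!EXP:!SSLv2:RC4:RSA:HIGH:MEDIUM"        # bigpipe line


def evaluate(cipher_string, catalogue=CATALOGUE):
    """Return the ordered suite list the rule string selects in this model."""
    active, killed = [], set()          # assumption: selection starts empty
    for rule in filter(None, cipher_string.split(":")):
        op = rule[0] if rule[0] in "!-+" else ""
        tag = rule[len(op):]
        hits = [n for n, tags in catalogue.items()
                if tag in ("ALL", n) or tag in tags]
        if op == "!":                   # permanent: later rules cannot re-add
            killed.update(hits)
        if op:                          # "!", "-" remove; "+" moves to the end
            moved = [n for n in active if n in hits]
            active = [n for n in active if n not in hits]
            active += moved if op == "+" else []
        else:                           # bare tag: append in catalogue order
            active += [n for n in hits if n not in active and n not in killed]
    return active


def weak_suites(cipher_string):
    """Suites left enabled that carry any tag the page sets out to exclude."""
    return [n for n in evaluate(cipher_string) if CATALOGUE[n] & WEAK_TAGS]


if __name__ == "__main__":
    for label, s in (("GUI", GUI_STRING), ("CLI", CLI_STRING)):
        print(label, evaluate(s), "weak:", weak_suites(s))
```

In this model the GUI string leaves no weak suite enabled, while the CLI string, which has no !NULL rule, leaves NULL-SHA enabled because the bare RSA rule adds it.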


Source: http://www.routerzone.eu/wiki/index.php/Restricting_Weak_SSL_Ciphers,_F5_BigIP
