1 . 登录F5控制台
2 .点击 Local Traffic > Profiles > SSL > Client.
3 . 点击需要配置的profile
4 . 在配置中选择高级选项
5 . 勾选定制, 在cipher框中输入相应配置
例如:
DEFAULT:ECDHE:ECDHE_ECDSA:DHE_DSS
DEFAULT:-RSA:!DES:!RC4:!SSLv2:!SSLv3:!TLSv1:TLSv1_2:COMPAT:AES128-GCM-SHA256
每个配置的意思可以查看下表:
Parameter | Definition |
!SSLv2 | Do not use SSLv2 protocol |
!EXPORT | Do not use EXPORT grade (weak) ciphers |
DHE+AES-GCM | Use DHE+AES-GCM ciphers |
DHE+AES | Use DHE+AES ciphers |
DHE+3DES | Use DHE+3DES ciphers |
RSA+AES-GCM | Use RSA+AES-GCM ciphers |
RSA+AES | Use RSA+AES ciphers |
RSA+3DES | Use RSA+3DES ciphers |
ECDHE+AES-GCM | Use ECDHE+AES-GCM ciphers |
ECDHE+AES | Use ECDHE+AES ciphers |
ECDHE+3DES | Use ECDHE+3DES ciphers |
-MD5 | Do not use MD5 ciphers |
-SSLv3 | Do not use SSLv3 protocol |
-RC4 | Do not use RC4 ciphers |