Hi community
I have a reverse proxy configured with
tls-v12-cipher-specs = TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA
more readable
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
But when i analyze it with ssllabs.com i says
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
these 3 extra appears
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
only tls-v12 is enabled (not disabled)
(the analyze is made through a public ip served by an F5 in front of the webseal (10.0.7)
Any explanation?
I've found this documentation, but I can't see the pattern.
Note: TLS Version 1.2 CipherSpecs that do not explicitly indicate a SHA256 or SHA384 hash implicitly use a SHA256 or SHA384 hash. However, the use of CipherSpecs that do not explicitly indicate a SHA256 or SHA384 hash with TLS Version 1.2 might result in interoperability problems with SSL and TLS stacks. CipherSpecs with explicit SHA256 or SHA384 hashes must be used.
BR Carsten
------------------------------
Carsten Jensen
ATP
+4530595704
------------------------------