f5-ansible icon indicating copy to clipboard operation
f5-ansible copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

RFE: ciphers groups / ciphers rules modules

Open amolari opened this issue 3 years ago • 3 comments

Is your feature request related to a problem? Please describe.

Enabling TLS1.3 in a SSL profile requires that the ciphers are configured in a LTM Cipher group, and not directly in the SSL profile anymore. Today, the module bigip_profile_client_ssl supports an attribute cipher_group. However we are not able to create an own/customized cipher group (based on customized cipher rule). Note: today the module bigip_profile_server_ssl does not supports the attribute cipher_group.

Describe the solution you'd like

Add the following modules to support the solution:

  • LTM ciphers rules
  • LTM ciphers groups

amolari avatar May 26 '21 16:05 amolari

Created INFRAANO-396 for internal PM tracking.

trinaths avatar Jun 16 '21 22:06 trinaths

I'm also interested in this feature idea.

gitnetofr avatar Jul 12 '21 10:07 gitnetofr

@amolari @gitnetofr - this can be achieved with F5 Ansible collections V2.

For Cipher groups and Cipher support see the AS3 declaration and use ansible playbook to apply.

Hope this helps.

This RFE is not valid for Collections V1.

trinaths avatar Jul 14 '21 20:07 trinaths

@trinaths Moving to AS3 declaration is not possible for us at this time due to the lack of some features (and time to implement it). Please reconsider your decision and if you decide "won't implement", may I ask you to close the issue?

amolari avatar Oct 05 '22 20:10 amolari

This can be achieved with F5 Ansible collections V2. For Cipher groups and Cipher support see the AS3 declaration and use ansible playbook to apply.

KrithikaChidambaram avatar Nov 30 '22 17:11 KrithikaChidambaram