
Cipher group creation module and Cipher Rule creation module

Open gandasi opened this issue 6 months ago • 3 comments

Is your feature request related to a problem? Please describe.

I am unable to create a custom cipher rule and cipher group via the f5networks.f5_modules collection (version 1.36.0).

Describe the solution you'd like

A module to enable custom cipher rules and groups that can be used on the Common partition.

Describe alternatives you've considered

This was requested as a feature some years ago (issue https://github.com/F5Networks/f5-ansible/issues/2135) and the response at that time was to use AS3. However, AS3 would only allow me to create a cipher group within a partition. Currently I am using the CLI to create "global" cipher rules and groups.

Additional context

While AS3 cipher groups and rules are useful, my use case is that I want to create custom cipher groups and rules that can be managed, for example by an InfoSec group who have a deeper understanding of cipher vulnerabilities, and then used within AS3 partitions by devops groups. For example, InfoSec might create "Legacy", "FIPS" and "Future" cipher groups (and the corresponding rules to do this), and tweak them centrally as cipher vulnerabilities are discovered, as they are more in tune with this sort of thing. In the meantime, devops teams can use these groups in SSL profiles in their AS3 files with less knowledge of the ins and outs of the relevant ciphers and groups. These "shareable" cipher rules and groups seem best created in the Common partition, where they are then available in any AS3 partition, and this requires Ansible (or a CLI command) to do.

gandasi avatar Jun 03 '25 20:06 gandasi
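
A check that fits the workflow described in this issue, added here as an example and not code from the f5-ansible project or the issue author: it walks an AS3 declaration and flags TLS profiles that do not point at one of the centrally managed cipher groups. The /Common/Legacy, /Common/FIPS and /Common/Future paths, the function name audit_declaration and the sample declaration are assumptions built from the group names in the issue.

```python
# Assumed policy: InfoSec owns these groups in the Common partition
# (names from the issue's example; the full paths are an assumption).
APPROVED_GROUPS = {"/Common/Legacy", "/Common/FIPS", "/Common/Future"}
TLS_CLASSES = {"TLS_Server", "TLS_Client"}  # AS3 classes that carry cipher settings


def audit_declaration(node, path=""):
    """Return (object_path, problem) pairs for TLS profiles in an AS3
    declaration that bypass the shared cipher groups."""
    findings = []
    if isinstance(node, dict):
        if node.get("class") in TLS_CLASSES:
            group = node.get("cipherGroup")
            if "ciphers" in node:
                findings.append((path, "inline cipher string"))
            elif not isinstance(group, dict) or "bigip" not in group:
                findings.append((path, "cipher group missing or tenant-local"))
            elif group["bigip"] not in APPROVED_GROUPS:
                findings.append((path, "unapproved group " + group["bigip"]))
        for key, value in node.items():
            findings.extend(audit_declaration(value, path + "/" + key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings.extend(audit_declaration(value, path + "/" + str(index)))
    return findings


# Constructed sample declaration (not from the issue).
SAMPLE = {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "TenantA": {
        "class": "Tenant",
        "App1": {
            "class": "Application",
            "tls_ok": {"class": "TLS_Server",
                       "cipherGroup": {"bigip": "/Common/FIPS"}},
            "tls_inline": {"class": "TLS_Server", "ciphers": "DEFAULT"},
            "tls_local": {"class": "TLS_Server",
                          "cipherGroup": {"use": "myGroup"}},
            "tls_other": {"class": "TLS_Server",
                          "cipherGroup": {"bigip": "/Common/f5-default"}},
        },
    },
}

if __name__ == "__main__":
    for obj_path, problem in audit_declaration(SAMPLE):
        print(obj_path + ": " + problem)
```
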

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1936.

pgouband avatar Jun 11 '25 09:06 pgouband

Hi @gandasi, in order for us to prioritize this issue, please reach out to us at [email protected]

sunitharonan avatar Dec 08 '25 19:12 sunitharonan

Hi @gandasi, in order for us to prioritize this issue, please reach out to us at [email protected]

Hi - tried to send an email to the address listed above, but it bounced back as I am not an approved sender to that email address apparently. Happy to help prioritize if I can, please let me know how to contact you.

gandasi avatar Dec 10 '25 13:12 gandasi