# F5 cipher-string explainer

> Paste an F5 BIG-IP cipher string and get every keyword and operator explained plus a security read, all in your browser.

- Tool: https://ronutz.com/en/tools/f5-cipher-string-expander
- Family: TLS & transport

---

## What it does

Paste an F5 BIG-IP cipher string and the tool explains every keyword and operator in it and flags the weak or deprecated choices. It reads the string, the value of the `cipher` field on a cipher rule or SSL profile, and turns its compact syntax into a plain-language account of what it selects and in what order. It runs entirely in your browser.

## How an F5 cipher string is built

A BIG-IP cipher string is an ordered list of cipher sets, separated by a colon, a comma, or whitespace, and order is significant because it expresses the server's preference. Within one set, keywords are combined with `+`, so `ECDHE+AES-GCM` means the ciphers that are both ECDHE and AES-GCM. The keywords name the pieces of a suite: the protocol version, the key exchange, the authentication, the bulk cipher, and the MAC. `DEFAULT` stands for F5's built-in default set, a common starting point.

## The operators, which are the subtle part

A set can carry a leading operator, and the difference between them matters:

- **`!`** permanently excludes matching ciphers; once excluded this way, they cannot be added back by a later term.
- **`-`** deletes matching ciphers, but unlike `!`, a later term can add them back.
- **`+`** does not add; it moves matching ciphers to the end, lowering their priority.

And `@STRENGTH` re-sorts the whole list by key length. Confusing `!` with `-`, or forgetting that `+` reorders rather than adds, is a common source of a cipher string that does not do what its author intended, which is exactly what the tool makes visible.

## The security read, and one honest limit

The tool flags weak and deprecated elements, such as export-grade, RC4, or 3DES ciphers and obsolete protocol versions, so a risky string stands out. One thing it deliberately does not do: it does not reproduce the exact final ordered list of cipher suites a specific BIG-IP would produce, because that depends on the cipher table of the particular software version on the box. It explains the string; it does not stand in for the device.

## Using it

Paste a cipher string from a cipher rule or an SSL profile and read each keyword and operator explained, with weak choices flagged. The analysis is deterministic and local.

## Standards and references

- [F5 BIG-IP SSL Administration: Traffic Management](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-13-0-0/4.html) - cipher string keywords, the DEFAULT set, and tmm --clientciphers
- [F5 DevCentral: Cipher Rules and Groups in BIG-IP v13](https://community.f5.com/kb/technicalarticles/cipher-rules-and-groups-in-big-ip-v13/279555) - cipher rules and groups, boolean operators, and the pre-built rules
- [F5: Configuring a Custom Cipher String for SSL Negotiation](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-custom-cipher-ssl-negotiation-configuration-13-0-0/1.html) - building a cipher string from rules and groups, and F5 hardening recommendations

## Related reading

- [Cipher Ordering and Negotiation on BIG-IP](https://ronutz.com/en/learn/f5-cipher-ordering-and-negotiation.md): An expanded cipher string is an ordered list, and the order is not cosmetic: with server preference, BIG-IP picks the first cipher in its own list that the client also supports. That makes the position of each cipher a real security control, which is why expansion shows them in order.
- [Enforcing Forward Secrecy on F5 BIG-IP](https://ronutz.com/en/learn/enforcing-forward-secrecy-on-f5.md): Forward secrecy is not a checkbox on BIG-IP; it is a consequence of the cipher configuration on an SSL profile. This shows how BIG-IP cipher rules and cipher groups control whether the negotiated suite uses an ephemeral (ECDHE/DHE) or static-RSA key exchange, why server-side cipher preference matters, and how TLS 1.3 removes the choice. It closes with how Fortinet and Netskope enforce the same property.
- [F5 Cipher Rules, Cipher Groups, and Why Expansion Is Version-Specific](https://ronutz.com/en/learn/f5-cipher-rules-and-groups.md): BIG-IP v13 replaced hand-edited cipher strings with cipher rules and cipher groups, a more readable model where rules hold strings and groups combine them with allow, restrict, and exclude. The final ordered suite list still comes from the per-TMOS cipher database, which is why the same string expands differently across versions.
- [Post-Quantum TLS on BIG-IP: ML-KEM Hybrids From 17.5 to 21.1](https://ronutz.com/en/learn/bigip-post-quantum-tls.md): BIG-IP's post-quantum story is a lineage: X25519MLKEM768 hybrid key exchange arrived in the 17.5.0 era, and 21.1.0 completes the NIST curve family with SecP256r1MLKEM768 and SecP384r1MLKEM1024, on both client-side and server-side TLS, per FIPS 203. Around it, 21.1 makes the classical side faster and stricter: X25519 hardware acceleration via Intel QAT on by default, parent SSL profiles defaulting to TLS 1.3 and DTLS 1.2, an OCSP request nonce, and C3D enhancements. Here is what each piece means and how to roll it out without breaking a single legacy client.
- [Reading an F5 Cipher String](https://ronutz.com/en/learn/f5-cipher-string-syntax.md): An F5 cipher string is an ordered list of cipher sets separated by colons, where each set combines keywords with a plus sign and a leading operator can exclude, delete, or de-prioritize. Once you can read the grammar, a dense string like ECDHE:RSA:!SSLv3:@STRENGTH becomes a clear set of instructions.
- [TLS 1.3 and TLS 1.2 Ciphers on BIG-IP](https://ronutz.com/en/learn/f5-tls13-vs-tls12-ciphers.md): TLS 1.3 changed what a cipher suite even is, and BIG-IP treats 1.3 and 1.2 differently as a result. A 1.2 suite bundles key exchange, authentication, and the bulk cipher; a 1.3 suite names only the bulk cipher and hash. Knowing that explains why old cipher-string keywords do not steer 1.3.
- [Which TLS Cipher Keywords Are Safe, and Which Are Not](https://ronutz.com/en/learn/tls-cipher-security-keywords.md): The difference between a hardened cipher string and a dangerous one is a handful of keywords. Forward secrecy comes from ECDHE and DHE; the risks come from RC4, 3DES, SSLv3, EXPORT, NULL, and anonymous DH. Knowing the short list lets you read a cipher string's security at a glance.
