```bash
# default sane ciphers in 2023
# single quotes are required when negating a suite
tmm --clientciphers 'DEFAULT:!RC4:!SSLv3:!TLSv1:!3DES:!AES128-SHA:!AES128-SHA256:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-AES128-SHA256:!TLSv1_1:!RSA:!DHE'
```
You can use ciphersuite.info, testssl.sh, or Mozilla’s Cipher Suite pages to convert names between IANA, GnuTLS, NSS, and OpenSSL. Links are in the References below.
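To confirm that the negations in the cipher string actually took effect, the following added example (not from the original page or from F5) parses the suite table and flags any row the string was meant to exclude, printing each suite's ID as a hex code point for lookup on ciphersuite.info. The sample table is constructed; the column layout (a header row naming ID, SUITE, PROT and KEYX, data rows prefixed with an index field), the PROT/KEYX values, and the ID being the decimal IANA suite value are assumptions about `tmm --clientciphers` output.

```bash
#!/usr/bin/env bash
# Added example. Constructed sample table, not captured from a device; the
# column layout and the PROT/KEYX values are assumptions about tmm output.
sample_output() {
cat <<'EOF'
       ID  SUITE                        BITS PROT    CIPHER   MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384  256  TLS1.2  AES-GCM  SHA384  ECDHE_RSA
 1: 49199  ECDHE-RSA-AES128-GCM-SHA256  128  TLS1.2  AES-GCM  SHA256  ECDHE_RSA
 2:    53  AES256-SHA                   256  TLS1.1  AES      SHA     RSA
 3:    10  DES-CBC3-SHA                 168  TLS1.2  DES      SHA     RSA
EOF
}

# Reads a suite table on stdin, prints one line per suite that the cipher
# string was meant to exclude, and returns non-zero if any were found.
audit_ciphers() {
  awk '
    # Header row: record each column position by name. Data rows start with
    # an extra "N:" index field, so every data field is shifted right by one.
    $1 == "ID" { for (i = 1; i <= NF; i++) col[$i] = i + 1; next }
    !("SUITE" in col) || NF < 3 { next }
    {
      suite = $(col["SUITE"]); prot = $(col["PROT"]); keyx = $(col["KEYX"])
      why = ""
      if (prot == "SSL3" || prot == "TLS1" || prot == "TLS1.1")
        why = why " protocol=" prot                      # !SSLv3 !TLSv1 !TLSv1_1
      if (suite ~ /RC4/)      why = why " RC4"           # !RC4
      if (suite ~ /DES-CBC3/) why = why " 3DES"          # !3DES
      if (keyx == "RSA")      why = why " static-RSA-keyx"   # !RSA
      if (suite ~ /^DHE-/)    why = why " DHE"           # !DHE
      if (why != "") {
        # ID is assumed to be the decimal suite value; print it as hex.
        printf "0x%04X %s:%s\n", $(col["ID"]), suite, why
        bad++
      }
    }
    END { exit (bad > 0) }
  '
}

# Demo on the constructed sample; on a BIG-IP, pipe tmm --clientciphers here.
sample_output | audit_ciphers || echo "suites above should have been excluded"
```

On a BIG-IP, define the function in the shell and pipe the `tmm --clientciphers` command above into `audit_ciphers`; no output and exit status 0 mean none of the excluded classes remain. The individually negated AES128 CBC suites are not checked by this sketch.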
Some ciphers are hardware accelerated on F5 hardware. See F5 article K13213 for a list of hardware and which ciphers are eligible for hardware acceleration.