SSLlabs strong ciphers only with tls 1.2 running
Hopefully this saves someone else a few hours of searching trying and reconfiguring the F5 Cipher Suites to get an "A" and only use strong ciphers with only tls 1.2 with ssllabs.com. F5's implementation of cipher suites and chosing which to use could be greatly improved for ease of use.
I was able to achieve an "A" on SSLlabs.com with Strong Ciphers Only by doing the following:
Note- with having only these 2 ciphers selected older versions of Internet Explorer 11 on Win 7, Win8.1, Win Phone 8.1, and Safari 6, 7, 8 cause handshake_failures.
First create the rule:
Under Local Traffic > Ciphers: Rules > Create
Under Rule Creation> Give it a RULENAME
To the right of Cipher Suites:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
Second the group:
Under Local Traffic > Ciphers: Groups > then Create
Give the group a GROUPNAME, then on the right under Available Rules select the RULENAME you created and click << box and then click finish.
Third - assign the group to an ssl profile:
Under Local Traffic > Profiles> SSL> Client> Select your exisitng SSL Client, Ie EXAMPLE.
Once within the profile click the drop down to the right of Configuration: to show Advanced.
Make sure your Ciphers has a check in the box on the right. Click the drop down next to ciphers and select the GROUPNAME you created and then click Update at the bottom.
----
We were also able to achieve an "A" but with weak cipher suites showing on SSLlabs.com .
We were using for our cipher suites:
!NONE:!EXPORT:!DHE+AES-GCM:!DHE+AES:ECDHE+AES-GCM:ECDHE+AES:!RSA+AES-GCM:!RSA+AES:-MD5:-SSLv3:-RC4:!3DES:!TLSv1:!TLSv1_1:TLSv1_3