Lnxgeek.org Wiki - Freedom of choice, I choose Freedom

This is a datagroup you can use for lookup in iRules for logging or debugging SSL connection errors.

I've extracted this from the tables found here https://support.f5.com/csp/article/K13163

Put it into a file and import it with the type “String” and “Key / Value Pair Separator” as “:=”.

The file has these headers:

“Hex value, Cipher Suite, Bits, Protocols, Key Exchange, Authentication, Cipher, MAC”

"0x15" := "DHE-RSA-DES-CBC-SHA 64 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA DES SHA",
"0x16" := "DHE-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA DES SHA",
"0x18" := "ADH-RC4-MD5 128 TLS1 ADH None RC4 MD5",
"0x1a" := "ADH-DES-CBC-SHA 64 TLS1 ADH None DES SHA",
"0x1b" := "ADH-DES-CBC3-SHA 168 TLS1 ADH None DES SHA",
"0x2f" := "AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA AES SHA",
"0x32" := "DHE-DSS-AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 DHE DSS AES SHA",
"0x33" := "DHE-RSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA AES SHA",
"0x34" := "ADH-AES128-SHA 128 TLS1 ADH None AES SHA",
"0x35" := "AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA AES SHA",
"0x38" := "DHE-DSS-AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 DHE DSS AES SHA",
"0x39" := "DHE-RSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA AES SHA",
"0x3a" := "ADH-AES256-SHA 256 TLS1 ADH None AES SHA",
"0x3c" := "AES128-SHA256 128 TLS1.2 RSA RSA AES SHA256",
"0x3d" := "AES256-SHA256 256 TLS1.2 RSA RSA AES SHA256",
"0x4" := "RC4-MD5 128 TLS1-TLS1.1-TLS1.2 RSA RSA RC4 MD5",
"0x40" := "DHE-DSS-AES128-SHA256 128 TLS1.2 DHE DSS AES SHA256",
"0x41" := "CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 RSA RSA CAMELLIA SHA",
"0x44" := "DHE-DSS-CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 DHE DSS CAMELLIA SHA",
"0x45" := "DHE-RSA-CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 EDH RSA CAMELLIA SHA",
"0x5" := "RC4-SHA 128 TLS1-TLS1.1-TLS1.2 RSA RSA RC4 SHA",
"0x67" := "DHE-RSA-AES128-SHA256 128 TLS1.2 EDH RSA AES SHA256",
"0x6a" := "DHE-DSS-AES256-SHA256 256 TLS1.2 DHE DSS AES SHA256",
"0x6b" := "DHE-RSA-AES256-SHA256 256 TLS1.2 EDH RSA AES SHA256",
"0x84" := "CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 RSA RSA CAMELLIA SHA",
"0x87" := "DHE-DSS-CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 DHE DSS CAMELLIA SHA",
"0x88" := "DHE-RSA-CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 EDH RSA CAMELLIA SHA",
"0x9" := "DES-CBC-SHA 64 TLS1-TLS1.1-DTLS1 RSA RSA DES SHA",
"0x9c" := "AES128-GCM-SHA256 128 TLS1.2 RSA RSA AES-GCM SHA256",
"0x9d" := "AES256-GCM-SHA384 256 TLS1.2 RSA RSA AES-GCM SHA384",
"0x9e" := "DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 EDH RSA AES-GCM SHA256",
"0x9f" := "DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 EDH RSA AES-GCM SHA384",
"0xa" := "DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA DES SHA",
"0xa2" := "DHE-DSS-AES128-GCM-SHA256 128 TLS1.2 DHE DSS AES-GCM SHA256",
"0xa3" := "DHE-DSS-AES256-GCM-SHA384 256 TLS1.2 DHE DSS AES-GCM SHA384",
"0xa6" := "ADH-AES128-GCM-SHA256 128 TLS1.2 ADH None AES-GCM SHA256",
"0xa7" := "ADH-AES256-GCM-SHA384 256 TLS1.2 ADH None AES-GCM SHA384",
"0xc003" := "ECDH-ECDSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDH ECDSA DES SHA",
"0xc004" := "ECDH-ECDSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDH ECDSA AES SHA",
"0xc005" := "ECDH-ECDSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDH ECDSA AES SHA",
"0xc008" := "ECDHE-ECDSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA DES SHA",
"0xc009" := "ECDHE-ECDSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA AES SHA",
"0xc00a" := "ECDHE-ECDSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA AES SHA",
"0xc00d" := "ECDH-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDH RSA DES SHA",
"0xc00e" := "ECDH-RSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDH RSA AES SHA",
"0xc00f" := "ECDH-RSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDH RSA AES SHA",
"0xc012" := "ECDHE-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDHE RSA DES SHA",
"0xc013" := "ECDHE-RSA-AES128-CBC-SHA 128 TLS1-TLS1.1-TLS1.2 ECDHE RSA AES SHA",
"0xc014" := "ECDHE-RSA-AES256-CBC-SHA 256 TLS1-TLS1.1-TLS1.2 ECDHE RSA AES SHA",
"0xc023" := "ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 ECDHE ECDSA AES SHA256",
"0xc024" := "ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 ECDHE ECDSA AES SHA384",
"0xc025" := "ECDH-ECDSA-AES128-SHA256 128 TLS1.2 ECDH ECDSA AES SHA256",
"0xc026" := "ECDH-ECDSA-AES256-SHA384 256 TLS1.2 ECDH ECDSA AES SHA384",
"0xc027" := "ECDHE-RSA-AES128-SHA256 128 TLS1.2 ECDHE RSA AES SHA256",
"0xc028" := "ECDHE-RSA-AES256-SHA384 256 TLS1.2 ECDHE RSA AES SHA384",
"0xc029" := "ECDH-RSA-AES128-SHA256 128 TLS1.2 ECDH RSA AES SHA256",
"0xc02a" := "ECDH-RSA-AES256-SHA384 256 TLS1.2 ECDH RSA AES SHA384",
"0xc02b" := "ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 ECDHE ECDSA AES-GCM SHA256",
"0xc02c" := "ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 ECDHE ECDSA AES-GCM SHA384",
"0xc02d" := "ECDH-ECDSA-AES128-GCM-SHA256 128 TLS1.2 ECDH ECDSA AES-GCM SHA256",
"0xc02e" := "ECDH-ECDSA-AES256-GCM-SHA384 256 TLS1.2 ECDH ECDSA AES-GCM SHA384",
"0xc02f" := "ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 ECDHE RSA AES-GCM SHA256",
"0xc030" := "ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 ECDHE RSA AES-GCM SHA384",
"0xc031" := "ECDH-RSA-AES128-GCM-SHA256 128 TLS1.2 ECDH RSA AES-GCM SHA256",
"0xc032" := "ECDH-RSA-AES256-GCM-SHA384 256 TLS1.2 ECDH RSA AES-GCM SHA384",

You create the list by copying the table into a file and parse it with awk:

cat ssl.txt|awk -F'[(|)]' '{print $2" \:\= "$1" "$3"\,"}'