After modifying the SSLCipherSuite in the Access Gateway, no change is seen in the nmap results. The changes were verified in secure-proxy/httpd/conf/extra/httpd-ssl.conf, but none of them seem to affect the nmap results.
Applies to Access Gateway 12.8 Any
Any OS
Nmap was not installed locally on the Access Gateway, so it was run from a remote machine.
Because nmap was run from a remote machine, the results reflected the SSL ciphers present on the F5 load balancer, not those on the Access Gateway SSL port.
Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-28 16:30 UTC
Nmap scan report for server.example.com (###)
Host is up (0.00019s latency).
rDNS record for ###.###.####.###: server.example.com
PORT STATE SERVICE
443/tcp open https
We noticed that the IP in the rDNS record belonged to the F5 load balancer, not to the Access Gateway. Once the ciphers were removed from the F5, the nmap results were as expected.
Installing nmap locally on the Access Gateway confirmed that the changes to httpd-ssl.conf were effective.
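The check described above, as an added example that is not part of the original article: it reads two saved nmap outputs, reports which address the scan by name reached, and lists the ciphers offered only by that front end. The documentation addresses, the use of nmap's ssl-enum-ciphers script and both sample outputs are assumptions constructed for illustration.

```python
import re

# Address nmap actually connected to: "for name (addr)" or "for addr".
REPORT_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9A-Fa-f.:]+)\)?[ \t]*$", re.M)
# Cipher rows printed by nmap's ssl-enum-ciphers script.
CIPHER_RE = re.compile(r"^\|[ \t]+((?:TLS|SSL)_[A-Z0-9_]+)", re.M)

def scanned_address(nmap_output):
    m = REPORT_RE.search(nmap_output)
    return m.group(1) if m else None

def offered_ciphers(nmap_output):
    return set(CIPHER_RE.findall(nmap_output))

def compare_scans(by_name, direct, gateway_ip):
    """Compare a scan of the public name with a scan of the gateway address."""
    front = scanned_address(by_name)
    at_front, at_gateway = offered_ciphers(by_name), offered_ciphers(direct)
    return {
        "front_address": front,
        "front_is_gateway": front == gateway_ip,  # False: something else answers
        "only_at_front": sorted(at_front - at_gateway),
        "only_at_gateway": sorted(at_gateway - at_front),
    }

# Constructed output of: nmap --script ssl-enum-ciphers -p 443 server.example.com
BY_NAME = """\
Nmap scan report for server.example.com (198.51.100.20)
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|_  least strength: strong
"""
# Constructed output of the same scan run against the gateway address 192.0.2.10.
DIRECT = """\
Nmap scan report for 192.0.2.10
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|_  least strength: strong
"""
if __name__ == "__main__":
    print(compare_scans(BY_NAME, DIRECT, "192.0.2.10"))
```

A non-empty `only_at_front` together with `front_is_gateway` being false means the remaining ciphers are configured on the device in front of the gateway, not in httpd-ssl.conf.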