Forum Discussion
11.5.2 force Monitor to TLS 1.0
Hello
We recently upgraded from BigIP 11.3 to 11.5.2 and some HTTPS monitors and serverssl profiles stopped working. We narrowed it down to some Java Weblogic Servers that support ONLY TLS 1.0 (that's how it is). If the connection is TLS 1.1, TLS 1.2 or SSLv3 the SSL Handshake fails. With the default Cipher suites of 11.3 it worked, but it doesn't with the defaults for 11.5.2.
For the ServerSSL profile I ended up with the following cipher string: DEFAULT:!TLSv1_2:!TLSv1_1
With OpenSSL, I can use openssl s_client -tls1 -connect :
But for the HTTPS monitor I could not find a solution.
--> Any idea how to force a standard HTTPS monitor to TLS 1.0??
Greetings Mathias Rufer
6 Replies
- DevBabu
Cirrus
I have not checked what if we change the ciphers in cipher list.
tlsv1
- nitass_89166
Noctilucent
Any idea how to force a standard HTTPS monitor to TLS 1.0??
there is request for enhancement but not yet implemented.
ID504736 [RFE] Allow specifying desired SSL/TLS protocol version in HTTPS monitors
you may have to use external monitor (i.e. openssl s_client).
- Mike_99062
Nimbostratus
Hello Nitass, I'm a little confused and was wondering why in this instance, we couldn't match the cipher string in the Server SSL profile with the cipher string in the HTTPS Health Monitor? Thanks, Mike
- nitass
Employee
Any idea how to force a standard HTTPS monitor to TLS 1.0??
there is request for enhancement but not yet implemented.
ID504736 [RFE] Allow specifying desired SSL/TLS protocol version in HTTPS monitors
you may have to use external monitor (i.e. openssl s_client).
- Mike_99062
Nimbostratus
Hello Nitass, I'm a little confused and was wondering why in this instance, we couldn't match the cipher string in the Server SSL profile with the cipher string in the HTTPS Health Monitor? Thanks, Mike
- Cody_Green
Employee
Mathias, I've put together a document that walks an admin through the process of creating an HTTPS TLSv1 specific external monitor: http://f5guru.com/2015/07/07/how-to-monitor-a-tls-1-0-application/
Help guide the future of your DevCentral Community!
What tools do you use to collaborate? (1min - anonymous)Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com