Forum Discussion

James_Smith_299's avatar
James_Smith_299
Icon for Nimbostratus rankNimbostratus
Jun 04, 2018

Allow TLS1.2 Only

BIG-IP LTM running v12.1.2 HF2. End goal is to allow TLS1.2 only. We tried the steps below but application failed to launch.   Followed this guide to reconfigure Client SSL Profile. https://suppor...
application delivery
BIG-IP
LTM
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jun 07, 2018

Rather than removing ciphers supported for the unwanted versions of SSL/TLS, simply disable the support of those insecure protocols.

 

Within the SSL profile, select from "Options List" the following:

 

  • No SSLv2
  • No SSLv3
  • No TLSv1
  • No TLSv1.1

.

 

Keep in mind that there could be a lot of clients out there that do not use TLSv1.2, particularly those used for internal service integration purposes; they are typically lagging behind in maintenance.