Forum Discussion

Nimbostratus

Feb 10, 2020

Solved

Cipher Rule for just for TLS1.3

I'm running 15.0.1 on a pair for 2000s and I was trying to put a Cipher rule that just encompassed TLS1.3 so I can include with my other ciphers in a group. Seems like I can only do 1.3 with TLS13-AE...

BIG-IP

LTM

security

Smithy
Feb 11, 2020
ltm cipher rule mozilla_modern_cipher_rule_v14 {
  cipher TLSv1_3
  dh-groups DEFAULT
  signature-algorithms DEFAULT
}

This works for me in BIG-IP 14.1.x

wlopez

Cirrocumulus

Feb 11, 2020

I haven't tried v15 yet.

But on v14.1, TLS 1.3 is not included by default on the client ssl profiles.

When you create the profile you need to disable the default option named 'No TLSv1.3' from the option list.

The combination of disabling that option and selecting the cipher group created with TLS1.3 is what actually activates the protocol on the client profile.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cipher Rule for just for TLS1.3

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

LTM Cipher rule

Cipher Rules And Groups in BIG-IP v13

Cipher Suite Practices and Pitfalls

TLS1.3 Decryption

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS