For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
Jul 13, 2018

ciphers applied to client SSL profile for allow only tls 1.2 not working?

Hi ,   I applied below cipher settings for client SSl profile and applied to VIP 443. But when i try to access the website from any browser, settings in browser unchecked for tls 1.2 and allowed...
application delivery
BIG-IP
LTM
security
jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Jul 13, 2018

Can you login to the LTM and run the below command & share to us, Is your applied CIPHER reflecting in there ?

tmsh  list ltm profile client-ssl  ciphers options

If you wanna make the change, the right way to stop the Tls1.0 & Tls1.1 protocol is to control it in the options parameter,

tmsh  modify ltm profile client-ssl  options { dont-insert-empty-fragments no-sslv2 no-sslv3 no-tlsv1 no-tlsv1.1 }