Suppose we have to disable TLS 1.0 and 1.1 protocol on a VIP. Only TLS 1.2 should be enabled. Consider client-ssl profile is having the existing ciphers as : ciphers DEFAULT:!ADH:!EXPORT40:!EXP:!LOW:!SSLv3:!MD5:!RC4-SHA:!3DES Will modifying cipher to "TLSv1_2" fulfill the requirement.

Forum Discussion

Altocumulus

Aug 26, 2017

Suppose we have to disable TLS 1.0 and 1.1 protocol on a VIP. Only TLS 1.2 should be enabled.

Consider client-ssl profile is having the existing ciphers as :

Will modifying cipher to "TLSv1_2" fulfill the requirement.

Here,

tmsh create /ltm profile client-ssl cssl_tls12_only ciphers TLSv1_2

jaikumar_f5
MVP
Aug 27, 2017
Here,
tmsh create /ltm profile client-ssl cssl_tls12_only ciphers TLSv1_2
Reference
JG
Cumulonimbus
Aug 28, 2017
To disable the protocol:

(On v11.6.1)

Go to Local Traffic -> Profiles -> SSL -> Client and click on the relevant profile.

From "Options List": Select "No TLSv1.1" and enable it.

I think support of v1.0 is already discontinued in this version.
Maneesh_72711
Cirrostratus
Aug 26, 2017
What version your LTM is on ? Modifying the SSL Profile (Client/Server) would sort this.
nathe
Cirrocumulus
Aug 26, 2017
AJF5,

See configure clientssl profile for tls1.2

Hope this helps,

N
AJF5
Altocumulus
Aug 26, 2017
It is 11.3. And yes you are right about modiying the SSL profile. But my question was if I am changing the current cipher in client-ssl profile "DEFAULT:!ADH:!EXPORT40:!EXP:!LOW:!SSLv3:!MD5:!RC4-SHA:!3DES" with "TLSv1_2". Will that work as we want only TLSv1.2 to be enabled.