Forum Discussion
NimbostratusDisable TLS 1.2 from Cipher Suite
I have a SSL client using the DEFAULT cipher suite. We are currently running into issues with TLS 1.2 connections. As a temporary work around and for testing, I would like to disable TLS 1.2 as an option for making connections. Does anyone know how I might go about doing that? I've been looking for the correct cipher string to use to not use TLS 1.2, but I am having a tough time. I have gone through SOL13171, but it doesn't specificy how I would disable TLS 1.2 connections. Any help would be helpful. Thanks.
6 Replies
theCookEmployee
SOL15194 may be more relevant here. It doesn't speak to your issue directly but it speaks to usable keywords such as TLSv1_2 which you should be able to negate. For example: "DEFAULT:!TLSv1_2"
-Tim
meenny_60187I will test to see if this will work.
SOL15194 may be more relevant here. It doesn't speak to your issue directly but it speaks to usable keywords such as TLSv1_2 which you should be able to negate. For example: "DEFAULT:!TLSv1_2"
-Tim
- meenny_60187I will test to see if this will work.
JGCumulonimbus
You probably meant to disable the TLS 1.2 protocol.
Create a new SSL profile, client-side or server-side that is appropriate to your situation, and in the "Options List", select "No TLSv1.2", click on "Enable" and then save ("Update") the configuration.
Apply the new SSL profile to your virtual server.
I hope this is what you want and need to do.
Samir_Jha_52506Noctilucent
There are other option in f5 to disable TLSv1.2(11.x Series) through Cipher list. TLSv1.1 is not included in 10.2.4.
11.x series(Option 1)
DEFAULT:!TLSv1.2Option 2
Create a new SSL profile, client-side or server-side that is appropriate to your situation, and in the "Options List", select "No TLSv1.2", click on "Enable" and then save ("Update") the configuration & attach profile to VIP.
