Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Hoang_Hung's avatar
Hoang_Hung
Icon for Cirrus rankCirrus
Jun 15, 2020

Disable TLS verion 1.0 and Reconfig Self-signed Certificate on Management Interface

Hi all We have using have F5 running HA mode. After check security recommned PCI DSS V3.2 we have 2 error release Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS) Recon...
application delivery
big-ip
LTM
NAG's avatar
NAG
Icon for Cirrostratus rankCirrostratus
Jun 15, 2020

HI Hoang,

 

1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)

 

ANS: if you want to restrict to only TLS 1.1 and TLS 1.2 ciphers and disable use of TLS 1.0, then type the following command :

#tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1

#tmsh save sys config

#bigstart restart httpd

 

2) Reconfig Self-signed Certificate on Management Interface

 

Ans:

K42531434: Replacing the Configuration utility's self-signed SSL certificate with a CA-signed SSL certificate

https://support.f5.com/csp/article/K42531434

 

Hope this helps.

 

Let me know if you have any questions,

Nag

 

 

  • Hoang_Hung's avatar
    Hoang_Hung
    Icon for Cirrus rankCirrus
    Jun 15, 2020

    Hi  

    1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)

    What happent if i use command: #tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1

    #tmsh save sys config

    #bigstart restart httpd

    >> I think it will Impact all running service on F5 deivice. We on apply on Management Interface..

    Please recommend to you.

    2) Reconfig Self-signed Certificate on Management Interface

    we only reconfig on Management interface.

    > Plz help me

     

    Thanks NAG