Disabling TLS v1.0 & v1.1 on MGMT interface for Virtual F5 Appliance

Question

Hi,Please provide the steps to disable TLS 1.0 and TLS 1.1 for the F5 Management Interface (TMUI). Also share the steps to apply strong ciphers to enhance security on F5 management interface.&nbsp;Note: F5 in our infrastructure is Virtual Appliance in Azure. Please also let me know if in case F5 GUI access will be affected as part of the TLS version &amp; cipher suite modification.

jeffrey_granier · Answer

Use only TLS 1.2 on the BIG-IP GUI (Configuration utility)
&nbsp;
To apply strong ciphers something like this should work: &nbsp;
&nbsp;
modify sys httpd ssl-ciphersuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256"
&nbsp;
restart sys service httpd

jmtaylor · Answer

Hello Preet_pk&nbsp;
Have you&nbsp; checked this article yet,&nbsp;How to disable TLS 1.0 on the self IP interface and MGMT interface

Forum Discussion

Disabling TLS v1.0 & v1.1 on MGMT interface for Virtual F5 Appliance

2 Replies

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

Application Programming Interface (API) Authentication types simplified

sizing the F5 appliance

Disable Interface if Pool Member Availability Drops Below Threshold

Disabling Weak Ciphers

Symmetric routing on NGINX Plus with multiple interfaces

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS