Forum Discussion

Cirrostratus

Oct 18, 2018

Disabling TLS v1 and TLS v1.1 Protocol

In reading up on the issue of disabling tls v1/v1.1 I see talk mostly about ciphers. Shouldn't we be disabling the protocol? Is it possible there will be problems in the protocol is enabled but the...

LTM

security

Kevin_Stewart

Employee

Oct 18, 2018

There are usually different versions of a cipher for each protocol version.

 1: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    AES       SHA     ECDHE_RSA 
 2: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  AES       SHA     ECDHE_RSA 
 3: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  AES       SHA     ECDHE_RSA

So disabling a cipher would remove all versions of that cipher. But if you truly want to just disable TLS1 and TLS1.1, you could use a cipher string like this:

DEFAULT:!TLSv1:!TLSv1_1

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Disabling TLS v1 and TLS v1.1 Protocol

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

F5 MCP(Model Context Protocol) Server

Proxy Protocol v2 Initiator

How to disable only TLS v1 & TLS v1.1 on specific virtual server

Proxy Protocol Initiator

Proxy Protocol Receiver

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS