Forum Discussion
AltostratusDoes parent SSL profile takes precedence in individual SSL Client Profile?
MVPIndividual profiles inherit settings by their parent profile, and you have the opportunity to overwrite those.
Usually, to meet specific requirements, you create a new custom profile that inherits clientssl "defaults" and tune it to match what you need.
TLS enforcement should be pretty easy in your version, you have several settings ready for use in Options List (flag the "custom" checkbox)
- Moinul_Rony
Thanks.
What we are trying to do is globally enforce TLS v1.2. We plan it to enforce via the default parent profile. Due to fact we have around thousand ssl client profiles.For exclusion apps we cloned the default, renamed and added as parent to the excluded apps.
For the rest we'll use the default and in default options we remove v 1.0 and v 1.1.
Hopefully it'll do the job?
- Paulius
Moinul_Rony I do not recommend modifying any default SSL profile and neither does F5 in most cases. The better option here would be to create a new SSL profile that uses the default SSL profile as a parent and then configure its settings to what you would like to use. Once you have this new SSL profile configured you can use it as the new parent profile for all your SSL profiles. This change would be relatively quick to make through the CLI on the F5 even if it's thousands of SSL profiles that you would need to update.
