Forum Discussion
David_Carlson
Nimbostratus
NimbostratusDoes the HTTPS Monitor support TLS
We are migrating services from a Cisco CSM to LTM and found that when disabling SSL v3 on the servers our CSM SSL monitors are failing. Does the F5 HTTPS monitor support TLS or will be need a workaround when migrating? I could not find any documentation stating which protocols and versions the built in monitor supports.
Thank you,
Dave
Dmitri_Ch__1425Cirrus
@Dave,
Yes, HTTPS monitor supports TLS with DEFAULT ciphers. If you need you can also create a custom HTTPS monitor with the list of ciphers, including or excluding SSLv3.
You may have 'sslv3-only' enabled on Cisco CSM monitors, so it fails when client stops supporting SSLv3.
Thanks.
David_CarlsonGreat, I saw the default but wasn't sure what that contained or how to check.
Thanks...
Brad_Parkerhttps://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html will show you the ciphers and SSL versions in the DEFAULT cipher string for various versions of BIGIP.
tmm --clientciphers 'DEFAULT' (or put in whatever cipher string you want will display the ciphers/ssl versions.)- nitass
Employee
i understand bigd uses cipher from openssl library.
Brad_Parker_139Nacreous
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html will show you the ciphers and SSL versions in the DEFAULT cipher string for various versions of BIGIP.
tmm --clientciphers 'DEFAULT' (or put in whatever cipher string you want will display the ciphers/ssl versions.)- nitassi understand bigd uses cipher from openssl library.