Forum Discussion

Tech's avatar
Icon for Nimbostratus rankNimbostratus
Apr 26, 2024

enable tls1.2 on management interface on F5 ltm running version 10.x

Hi Experts ,

Legacy F5 is having below image and we would like to enable tls1.2 for httpd for management interface so that we can access Web using new browsers.

Main Package
  Product  BIG-IP
  Version  10.2.4
  Build    817.0
  Edition  Hotfix HF7
  Date     Mon May 20 15:08:56 PDT 2013

We are folllowing stpes mentioned in the "" , unfortunately this is for 11.x and above versions.

We are getting below error while changing the ssl to tls1.2.


(Active)(tmos)# modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1'
01070920:3: Application error for confpp: Syntax OK
Error in cipher list
25658:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:836:
'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1' invalid.
Apr 26 13:17:23 confpp[25610]: syntax check command FAILURE for unix_config_httpd returned: '256'
[  OK  ]ing httpd: [  OK  ]


your valuable suggestion helps us to fix GUI issues.


from the Browser we are getting , 

The connection for this site is not secure uses an unsupported protocol.







2 Replies

  • First I would run the following command to see what the configuration is.

    list sys httpd

    Next when you end the following I would use the question mark to see what configuration options are available to you. Sadly I do not have access to an F5 appliance with this code version so I cannot provide the specific command. Essentially you need to create the appropriate cipher suite command to do what you want and that changes a bit from version to version.

    modify sys httpd ssl-ciphersuite

    • Tech's avatar
      Icon for Nimbostratus rankNimbostratus

      Hi Paulius ,


      Thank you for your reply.


      list sys httpd
      sys httpd {
          allow { }
          auth-pam-idle-timeout 36000
          include "
      <LocationMatch \";\">
          Redirect 404 /
      <LocationMatch \"hsqldb\">
          Redirect 404 /
          ssl-ciphersuite ALL:!ADH:!EXPORT56:!eNULL:!MD5:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP


      We have tried below commands but no luck as these commands are for 11.x and above .


      To restrict Configuration utility access to clients using TLS 1.2 or RC4-SHA ciphers, type the following command:
      modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4-SHA:!SSLv2:-TLSv1:-SSLv3:-TLSv1.1'

      Alternatively, if you can restrict to only TLS 1.2 cipher, then type the following command instead:
      modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1'