Forum Discussion

Cirrus

Oct 24, 2022

Enabling TLS version

Hi, I have one request which need your assitance, the request is that, we have some applications which can't modify the TLS version to 1.2 or 1.3, these applications need to be published, so I want ...

application delivery

mahjoub

Cirrus

Oct 24, 2022

Hi Kevin,

Thanks for your reply, would you guide me how to perform this.

Thanks in advance.

Kevin_Stewart

Employee

Oct 24, 2022

Configure a client SSL profile that supports TLS 1.2 and 1.3, and a separate server SSL profile that supports TLS 1.1 and 1.0.

For client SSL, you'll simply want to enable TLS 1.3: https://support.f5.com/csp/article/K10251520
For server SSL, you'll likely not need to do anything special, as it already supports TLS 1.0 and 1.1.

I the full proxy architecture, the client SSL profile works on the client side of the proxy and acts as the server to the TLS session. The client sends a Client Hello message and list of supported ciphers, and the server (BIG-IP) picks one of the ciphers to continue the TLS handshake. The server SSL profile works on the server side of the proxy and acts as the client to the TLS session. It sends a Client Hello to the server with its list of supported ciphers. This list comes from the cipher string defined in the server SSL profile.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)