Forum Discussion
Cumulonimbusf5 TLS Versions on Config Utility
Hi All,
I've just been scanned on a ITHC, it's identied that the config utility is allowing TLS 1.0 and 1.1 to still be negotiated.
Is there a way i can set the web service on the config util to only allow TLS 1.2 and 1.3 or even just 1.3?
Thanks
Fletch
3 Replies
Hello,
For the F5 management (F5 GUI and SSH), check out the below articles:
https://support.f5.com/csp/article/K40232071
https://support.f5.com/csp/article/K22426638
For SSL profiles for services published through F5, check the below:
- Go to Local Traffic > Profiles > SSL > Client.
- Enter SSL profile
- For Configuration, select Advanced.
- If you are creating a new profile, under Options, select the Custom check box.
- For Options, select Options List.
- Under Options List, for Available Options, press Shift, select No SSL, No SSLv2, No SSLv3, and No TLSv1, and then click Enable
- this is just ena example on how to disable some TLS weak versions.
- (enabling means disabling these options
https://support.f5.com/csp/article/K31320003
https://support.f5.com/csp/article/K33000012
PSFletchTheTekThanks, i've done it for services before.
it's the gui side. Do i need to run both of those KB's or is this one https://support.f5.com/csp/article/K40232071 enough?
it looks like it does the same and a little more as it covers or can cover ciphers.Thanks for the quick responce!
CA_ValliMVP
You're correct, they will have the same impact. You don't need to run them both.
Regarding TLSv1.3 , BIG-IP version prior to 17.0 don't support in on the configuration utiity.
