Forum Discussion
f5 TLS Versions on Config Utility
Hi All,
I've just been scanned on an ITHC, and it's identified that the config utility is allowing TLS 1.0 and 1.1 to still be negotiated.
Is there a way I can set the web service on the config util to only allow TLS 1.2 and 1.3, or even just 1.3?
Thanks
Fletch
Hello,
For the F5 management (F5 GUI and SSH), check out the below articles:
https://support.f5.com/csp/article/K40232071
https://support.f5.com/csp/article/K22426638
For SSL profiles for services published through F5, check the below:
- Go to Local Traffic > Profiles > SSL > Client.
- Enter SSL profile
- For Configuration, select Advanced.
- If you are creating a new profile, under Options, select the Custom check box.
- For Options, select Options List.
- Under Options List, for Available Options, press Shift, select No SSL, No SSLv2, No SSLv3, and No TLSv1, and then click Enable.
- This is just an example of how to disable some weak TLS versions.
- (Enabling these options means disabling those protocol versions.)
https://support.f5.com/csp/article/K31320003
https://support.f5.com/csp/article/K33000012
Thanks, I've done it for services before.
It's the GUI side. Do I need to run both of those KBs, or is this one https://support.f5.com/csp/article/K40232071 enough?
It looks like it does the same and a little more, as it covers or can cover ciphers. Thanks for the quick response!
You're correct, they will have the same impact. You don't need to run them both.
Regarding TLSv1.3, BIG-IP versions prior to 17.0 don't support it on the Configuration utility.
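
To confirm the outcome after applying the change discussed in this thread, the following added example (not part of the original posts and not F5 code) attempts one handshake per TLS version against a management address and lists any accepted version outside the allowed set. The host, port and the `allowed` default are assumptions supplied by the person running it.

```python
import socket
import ssl
import warnings

VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def build_context(version):
    """Client context pinned to exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Protocol probe only: management GUIs often present self-signed certificates.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Let the local OpenSSL offer TLS 1.0/1.1, so a refusal comes from the server.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx

def probe(host, port=443, timeout=5.0):
    """Map each version label to accepted/refused/unreachable/client-unsupported."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            ctx = build_context(version)
        except (ValueError, ssl.SSLError):
            results[label] = "client-unsupported"
            continue
        try:
            raw = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            results[label] = "unreachable"
            continue
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                results[label] = "accepted"
        except OSError:  # handshake alert, reset or timeout
            results[label] = "refused"
        finally:
            raw.close()
    return results

def findings(results, allowed=("TLSv1.2", "TLSv1.3")):
    """Versions the server accepted that are outside the allowed set."""
    return sorted(v for v, state in results.items()
                  if state == "accepted" and v not in allowed)
```

Call `findings(probe(host, 443))` with your own management address; an empty list means no disallowed version was negotiated, and a `client-unsupported` result means the local OpenSSL build could not offer that version at all.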