Forum Discussion

Cirrus

Apr 03, 2019

Forcing TLSv1_2 in the SSL Server Profile

Is it possible to configure SSL Server Profile so connectins from bigip started with TLSv1_2 ? I tried to put in a ciphers field: TLSv1_2, but connections are still TLSv1, although in the client...

Nimbostratus

Apr 04, 2019

Hi,

You can force tls1.2, on the other hand if the client does not support tls1.2, it risks to receive a reset...

So in order to force tls1.2 follow the below steps:

open your ssl client profile.
move configuration from basic to advanced in order to see all functionnality
Check "Options" -> "Options List"
Then from "Available Options", remove TLS, TLS1, TLS1.1

the only alternative that the client will have is the tls1.2.

Regards

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Forcing TLSv1_2 in the SSL Server Profile

Recent Discussions

Earth Simnavaz

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

Related Content

What are You a Force For?

Brute Force protection for single parameter like OTP

Update your DevCentral user profile

SSL Profiles

DoS Profiles

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS