Forum Discussion

Cirrus

Apr 03, 2019

Forcing TLSv1_2 in the SSL Server Profile

Is it possible to configure SSL Server Profile so connectins from bigip started with TLSv1_2 ? I tried to put in a ciphers field: TLSv1_2, but connections are still TLSv1, although in the client...

Nimbostratus

Apr 04, 2019

Hi,

You can force tls1.2, on the other hand if the client does not support tls1.2, it risks to receive a reset...

So in order to force tls1.2 follow the below steps:

open your ssl client profile.
move configuration from basic to advanced in order to see all functionnality
Check "Options" -> "Options List"
Then from "Available Options", remove TLS, TLS1, TLS1.1

the only alternative that the client will have is the tls1.2.

Regards

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Forcing TLSv1_2 in the SSL Server Profile

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Related Content

Extend visibility - BIG-IP joins forces with CrowdStrike

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

SSH Brute Force Protection with SSH Proxy

Brute Force protection for single parameter like OTP

F5 BIG-IP Advanced WAF – "dos profile" reporting

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS