How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product

Question

Hello, My name is Muntae Kim.&nbsp;BIG-IP version:- BIG-IP 16.1.3.1- DDoS Hybrid Defender 16.1.0-9.0.20Currently, the traffic passing through the F5 DDoS product is communicating using TLS 1.0 version, which is unfavorable for security audits.[centos@ip-172-31-2-209 ~]$ nmap --script ssl-enum-ciphers -p 443 14.128.128.241Starting Nmap 6.40 ( http://nmap.org ) at 2023-09-15 07:31 UTCNmap scan report for 14.128.128.241Host is up (0.0028s latency).PORT STATE SERVICE443/tcp open https| ssl-enum-ciphers:| SSLv3: No supported ciphers found| TLSv1.0: &lt;-----| ciphers:...So, can you tell me how to configure F5 DDoS to upgrade the currently used TLS version 1.0 to version 1.2 or version 1.3?

psfletchthetek · Accepted Answer

Hi,&nbsp;
It's in in you ssl client profile.You can set it in your cypher profile which is more granular and takes into account other things like hash algorithms, or just in the ssl client profile.
If yougo thr cypher profile route, you need to make sure you click from "basic" to "advanced" in the ssl client profile config otherwise you don't see the current options.

Forum Discussion

How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Big IP version 12 API

BIGdiff Version 2

F5OS Tenants TMOS version upgrade

HTTP iApp - downloadable version

CLIENT_HELLO SSL TLS version insert

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS