How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product
Hello, My name is Muntae Kim.
BIG-IP version:
- BIG-IP 16.1.3.1
- DDoS Hybrid Defender 16.1.0-9.0.20
Currently, the traffic passing through the F5 DDoS product is communicating using TLS 1.0 version, which is unfavorable for security audits.
[centos@ip-172-31-2-209 ~]$ nmap --script ssl-enum-ciphers -p 443 14.128.128.241
Starting Nmap 6.40 ( http://nmap.org ) at 2023-09-15 07:31 UTC
Nmap scan report for 14.128.128.241
Host is up (0.0028s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3: No supported ciphers found
| TLSv1.0: <-----
| ciphers:
...
So, can you tell me how to configure F5 DDoS to upgrade the currently used TLS version 1.0 to version 1.2 or version 1.3?
Hi,
It's in in you ssl client profile.
You can set it in your cypher profile which is more granular and takes into account other things like hash algorithms, or just in the ssl client profile.If yougo thr cypher profile route, you need to make sure you click from "basic" to "advanced" in the ssl client profile config otherwise you don't see the current options.