Forum Discussion

muntae_kim's avatar
muntae_kim
Icon for Altocumulus rankAltocumulus
Sep 26, 2023
Solved

How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product

Hello, My name is Muntae Kim.

 

BIG-IP version:
- BIG-IP 16.1.3.1
- DDoS Hybrid Defender 16.1.0-9.0.20

Currently, the traffic passing through the F5 DDoS product is communicating using TLS 1.0 version, which is unfavorable for security audits.

[centos@ip-172-31-2-209 ~]$ nmap --script ssl-enum-ciphers -p 443 14.128.128.241

Starting Nmap 6.40 ( http://nmap.org ) at 2023-09-15 07:31 UTC
Nmap scan report for 14.128.128.241
Host is up (0.0028s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| SSLv3: No supported ciphers found
| TLSv1.0: <-----
| ciphers:
...


So, can you tell me how to configure F5 DDoS to upgrade the currently used TLS version 1.0 to version 1.2 or version 1.3?

  • Hi, 

    It's in in you ssl client profile.
    You can set it in your cypher profile which is more granular and takes into account other things like hash algorithms, or just in the ssl client profile.

    If yougo thr cypher profile route, you need to make sure you click from "basic" to "advanced" in the ssl client profile config otherwise you don't see the current options.

1 Reply

  • Hi, 

    It's in in you ssl client profile.
    You can set it in your cypher profile which is more granular and takes into account other things like hash algorithms, or just in the ssl client profile.

    If yougo thr cypher profile route, you need to make sure you click from "basic" to "advanced" in the ssl client profile config otherwise you don't see the current options.