Forum Discussion
Doran_Lum_13484
Oct 08, 2016Nimbostratus
How to check if TLS 1.0 is enabled
Hi all i'm running F5 LTM VE 12.0 and i'm wondering how do i know if TLS 1.0 is enabled for my ssl client and server profiles. I left most config as default except the certs.
Hannes_Rapp
Oct 10, 2016Nimbostratus
- (Config check method) Replace DEFAULT with the actual cipher string in your clientssl profile (or serverssl profile)
In BigIP BASH shell:
tmm --clientciphers "DEFAULT"
tmm --serverciphers "DEFAULT"
If any lines of the output include PROT = TLS1, it's enabled, otherwise not.
-
(SSL handshake check with cURL)
curl -k --tlsv1 https://somesite.com
If output contains cURL (35) error code, TLSv1 is not available.
- In case of publicly available web-sites, you can use many of the available online SSL-checkers (https://www.digicert.com/help, Qualys, Symantec...)
- Josh_Jacobson_4Oct 10, 2016Altostratus
One caveat for this: make sure to enclose the cipher string in single quotes if it has an exclamation point in it. SOL15194 has a great deal more info.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects