Forum Discussion
Doran_Lum_13484
Nimbostratus
NimbostratusHow to check if TLS 1.0 is enabled
Hi all i'm running F5 LTM VE 12.0 and i'm wondering how do i know if TLS 1.0 is enabled for my ssl client and server profiles. I left most config as default except the certs.
Hannes_RappNimbostratus
Nimbostratus- (Config check method) Replace DEFAULT with the actual cipher string in your clientssl profile (or serverssl profile)
In BigIP BASH shell:
tmm --clientciphers "DEFAULT"
tmm --serverciphers "DEFAULT"
If any lines of the output include PROT = TLS1, it's enabled, otherwise not.
-
(SSL handshake check with cURL)
curl -k --tlsv1 https://somesite.com
If output contains cURL (35) error code, TLSv1 is not available.
- In case of publicly available web-sites, you can use many of the available online SSL-checkers (https://www.digicert.com/help, Qualys, Symantec...)
Josh_Jacobson_4Altostratus
One caveat for this: make sure to enclose the cipher string in single quotes if it has an exclamation point in it. SOL15194 has a great deal more info.
