Forum Discussion

Nimbostratus

Oct 08, 2016

How to check if TLS 1.0 is enabled

Hi all i'm running F5 LTM VE 12.0 and i'm wondering how do i know if TLS 1.0 is enabled for my ssl client and server profiles. I left most config as default except the certs.

Nimbostratus

(Config check method) Replace DEFAULT with the actual cipher string in your clientssl profile (or serverssl profile)

In BigIP BASH shell:

tmm --clientciphers "DEFAULT"
tmm --serverciphers "DEFAULT"

If any lines of the output include PROT = TLS1, it's enabled, otherwise not.

(SSL handshake check with cURL)

curl -k --tlsv1 https://somesite.com

If output contains cURL (35) error code, TLSv1 is not available.

In case of publicly available web-sites, you can use many of the available online SSL-checkers (https://www.digicert.com/help, Qualys, Symantec...)

Josh_Jacobson_4

Altostratus

Oct 10, 2016

One caveat for this: make sure to enclose the cipher string in single quotes if it has an exclamation point in it. SOL15194 has a great deal more info.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to check if TLS 1.0 is enabled

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Check a Virtual Server's SSL Status

Enabling F5 Distributed Cloud Fraud and Risk Solutions with ForgeRock Connector

Leaked Credential Check with Advanced WAF

snmp-check external monitor

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS