Forum Discussion

Nimbostratus

Sep 17, 2018

How to configure BIG-IP(11.4.1) to support TLSv1.2

Software: BIG-IP version:big-ip 11.4.1 Hardware: big-ip 3600 When I configured it according to the official documentation(https://support.f5.com/csp/article/K13171TLSv1.2), I found that it did not ta...

BIG-IP

security

Kevin_Stewart

Employee

Sep 18, 2018

You're right. Based on https://support.f5.com/csp/article/K1316311.4.1, there are NO ciphers available that don't either do (non-PFS) RSA key exchange or use SHA1. There are two that use SHA256, and seven that don't use RSA, but none of these overlap.

Minimally you need to upgrade to 11.5.1 to get the cipher combinations that you want. There are several ciphers in this version that satisfy the requirements.

Forum Discussion

How to configure BIG-IP(11.4.1) to support TLSv1.2

Recent Discussions

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

Related Content

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

Cipher Suites Supported (12.1.5.3)

Configuring NGINX API micro-gateway to support Open Banking's Advanced FAPI security profile

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

f5 iHealth and Support