Forum Discussion

Nimbostratus

Sep 17, 2018

How to configure BIG-IP(11.4.1) to support TLSv1.2

Software: BIG-IP version:big-ip 11.4.1 Hardware: big-ip 3600 When I configured it according to the official documentation(https://support.f5.com/csp/article/K13171TLSv1.2), I found that it did not ta...

BIG-IP

security

Kevin_Stewart

Employee

Sep 18, 2018

You're right. Based on https://support.f5.com/csp/article/K1316311.4.1, there are NO ciphers available that don't either do (non-PFS) RSA key exchange or use SHA1. There are two that use SHA256, and seven that don't use RSA, but none of these overlap.

Minimally you need to upgrade to 11.5.1 to get the cipher combinations that you want. There are several ciphers in this version that satisfy the requirements.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)