Forum Discussion

Nimbostratus

Feb 02, 2016

how to disable all weak ciphers and tlsv1 in ltm11.5.3 globally

it is not advisable to modify the default ssl profile, however if we would really need to disable all weak ciphers and tlsv1 protocol globally for all virtual servers, please advise beside creating a...

LTM

security

Hannes_Rapp_162

Nacreous

Feb 02, 2016

The default cipher suite in 11.5.3 is already sufficient to comply with current PCI DSS 3.0 requirements. Leaving the paranoid security-guru suggestions aside, there's nothing wrong with using the DEFAULT of 11.5.3 today.

Config related:

Your only sensible option for applying a new global configuration is to create a new clientside SSL profile (i.e. clientssl_custom) which you will then re-use as the

Parent Profile

when creating you custom clientssl profiles.

Steve_Sander_31
Nimbostratus
Mar 30, 2017
EAV
Chase_Abbott
Admin
Mar 31, 2017
And: https://devcentral.f5.com/s/articles/security-sidebar-improving-your-ssl-labs-test-grade
¬†

But related for newer versions.
¬†
Hannes_Rapp_162
Nacreous
Apr 02, 2017
Updated answer. Enforcement date for 3.1 was postponed (now June 2018)

Cumulonimbus

Apr 03, 2017

From https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard :

3.1 was released in April 2015, and has been retired since October 31 2016.

From https://www.pcicomplianceguide.org/whats-new-in-pci-dss-3-2/ :

February 2018: All new requirements within PCI DSS 3.2 will become effective. (Prior to that they will be considered “best practices.”)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

how to disable all weak ciphers and tlsv1 in ltm11.5.3 globally

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Restful API call takes too long

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

Related Content

F5 Distributed Cloud for Global Layer 3 Virtual Network Implementation

Forwarding Logs to SIEM Tools via HTTP Proxy for F5 Distributed Cloud Global Log Receiver

Global Log Receiver

F5 Distributed Cloud (XC) Global Applications Load Balancing in Cisco ACI

Solving for true-source IP with global load balancers in Google Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS