Forum Discussion

PeterKoine_1630's avatar
PeterKoine_1630
Icon for Nimbostratus rankNimbostratus
Jan 22, 2015

Issue changing TLS version in HTTPS monitor

Hello everyone,   I am having troubles to change the cipher suite on a custom https monitor. Our client has turned off TLS v1.0 on their servers but each time I change the cipher option from DEFAU...
application delivery
availability
deployment
design
LTM
management
  • SynACk_128568's avatar
    SynACk_128568
    Jan 22, 2015

    Hi Peter ,

     

    https monitor uses openssl library and openssl flags sslv3 and tls1.0 same . So when you use DEFAULT:!SSLv3:!TLSv1 there are no ciphers left to negotiate .

     

    have you tried

     

    tmsh modify ltm monitor https monitor_name cipherlist TLSv1 or someother version .

     

    you can see openssl ciphers by using this command :

     

    openssl -v DEFAULT or some other setting in cipherlist in monitor https

     

SynACk_128568's avatar
SynACk_128568
Icon for Cirrostratus rankCirrostratus
Feb 04, 2015

Hi Peter ,

 

is there any way to force bigd to use tlsv1 as starting cipher instead of using pseudo sslv2 client hello which is being just used for compatibility reasons.

 

Thanks

 

  • PeterKoine_1630's avatar
    PeterKoine_1630
    Icon for Nimbostratus rankNimbostratus
    Feb 05, 2015
    Hi SynACk, setting "DEFAULT:+SHA:+3DES:+kEDH" under the monitor should do the trick i would say.