Forum Discussion

Nimbostratus

Jan 22, 2015

Issue changing TLS version in HTTPS monitor

Hello everyone, I am having troubles to change the cipher suite on a custom https monitor. Our client has turned off TLS v1.0 on their servers but each time I change the cipher option from DEFAU...

SynACk_128568
Jan 22, 2015
Hi Peter ,

https monitor uses openssl library and openssl flags sslv3 and tls1.0 same . So when you use DEFAULT:!SSLv3:!TLSv1 there are no ciphers left to negotiate .

have you tried

tmsh modify ltm monitor https monitor_name cipherlist TLSv1 or someother version .

you can see openssl ciphers by using this command :

openssl -v DEFAULT or some other setting in cipherlist in monitor https

SynACk_128568

Cirrostratus

Hi Peter ,

is there any way to force bigd to use tlsv1 as starting cipher instead of using pseudo sslv2 client hello which is being just used for compatibility reasons.

Thanks

PeterKoine_1630

Nimbostratus

Feb 05, 2015

Hi SynACk, setting "DEFAULT:+SHA:+3DES:+kEDH" under the monitor should do the trick i would say.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Issue changing TLS version in HTTPS monitor

Recent Discussions

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Related Content

HTTPS Monitor fails after changing TLS Version

GTM Monitor Weight Change

Change admin account

Big IP version 12 API

BIGdiff Version 2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS