Forum Discussion

Nimbostratus

May 03, 2018

Issue on disabling TLS 1.0 / TLS 1.1

Hello, We have a problem with an LTM (Local Trafic Manager) when we turn off TLS 1.0 and 1.1. Indeed when protocols are disabled in SSL profiles, the F5 does not return any error to the client. ...

Nacreous

May 03, 2018

The problem you have is that SSL negotiation happens prior to HTTP_REQUEST. So if you have disabled TLS 1.0 and the client only uses TLS 1.0, the session will never be established, it will be terminated before you reach the HTTP request event... hence being unable to send an HTTP::response command.

It is by design that you do not receive an error in this instance. You would see in the SSL handshake that the version is not supported but this is not obvious to your users unless they are capturing the request using Wireshark for example.

What is your actual requirement?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Issue on disabling TLS 1.0 / TLS 1.1

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

How to disable only TLS v1 & TLS v1.1 on specific virtual server

Load Balancing TCP TLS Encrypted Syslog Messages

Enable TLS 1.3 and Disable DH group

Decrypting TLS traffic on BIG-IP

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS