Forum Discussion

Nimbostratus

May 03, 2018

Issue on disabling TLS 1.0 / TLS 1.1

Hello, We have a problem with an LTM (Local Trafic Manager) when we turn off TLS 1.0 and 1.1. Indeed when protocols are disabled in SSL profiles, the F5 does not return any error to the client. ...

Ret. Employee

May 03, 2018

If you use SSL, browser expect to finish ssl handshake 1st. You will not be able to receive html code if ssl handshake fails. You need to get ssl handshake established and only then you can send and receive html.

This is just TCP/IP stack rules. If lower level protocols fails, upper level will not work. What you can do, you can wait until ssl handshake established and then terminate it if ssl version is lower then tls 1.2. You can implement it via iRule

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Issue on disabling TLS 1.0 / TLS 1.1

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

How to disable only TLS v1 & TLS v1.1 on specific virtual server

Load Balancing TCP TLS Encrypted Syslog Messages

Enable TLS 1.3 and Disable DH group

Decrypting TLS traffic on BIG-IP

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS