Forum Discussion

Nimbostratus

May 03, 2018

Issue on disabling TLS 1.0 / TLS 1.1

Hello, We have a problem with an LTM (Local Trafic Manager) when we turn off TLS 1.0 and 1.1. Indeed when protocols are disabled in SSL profiles, the F5 does not return any error to the client. ...

Nimbostratus

Jul 26, 2018

this iRule works well for what you are asking.

    if { [SSL::cipher version] ne "TLSv1.2" } {
    HTTP::respond 200 content "Your browser must support TLSv1.2"

Mike_62127
Nimbostratus
Jul 26, 2018
I should have added that you need to keep TLSv 1.0 & 1.1 enabled in the SSL Profile. this will terminate any non TLSv 1.2 connections at the LTM and send the custom error message to the client.
Surgeon
Ret. Employee
Jul 28, 2018
But be aware that this solution requires tls1.0 and tls1.1 to be enabled and may impact your rank on ssllabs. You need to decide which option to use.

See Lee Sutcliffe's replies earlier

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Issue on disabling TLS 1.0 / TLS 1.1

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

How to disable only TLS v1 & TLS v1.1 on specific virtual server

Load Balancing TCP TLS Encrypted Syslog Messages

Enable TLS 1.3 and Disable DH group

Decrypting TLS traffic on BIG-IP

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS