Forum Discussion
Issue with TLS Version 1.1 Deprecated Protocol
There are two places where the BIG-IP does TLS:
- Management plane, i.e. the BIG-IP GUI
- Userplane, i.e. TLS for virtual servers etc.
As Injeyan_Kostas has said, you can do this simply for the management plane in the way he shows.
However, for userplane you need to update the clientSSL profile. It is generally recommended that you don't change the underlying client-ssl profile, as this is updated during software upgrades. However, you should create a standard profile which uses client-ssl as the parent and is in turn the parent for all of your client-ssl profiles. In this, you can change the TLS protocol and disable TLSv1 (or set ciphers or whatever).
The issue with changing this to deny TLSv1.1 is that there may be some users who use browsers that use TLSv1.1 and may then have issues, so you should do some investigation and bring this in carefully, but ultimately if you want to increase security then you need to do it.
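
The parent-profile layout described in the reply above, sketched as tmsh commands. This is an added example, not part of the original post; the profile names `base_clientssl` and `app1_clientssl` are hypothetical, and it disables both TLSv1 and TLSv1.1.

```tmsh
# Added example. Profile names base_clientssl and app1_clientssl are hypothetical.

# 1. Check what the built-in profile sets today. Setting "options" on a child
#    replaces the whole list, so carry over any defaults you want to keep.
list ltm profile client-ssl clientssl options

# 2. Create the intermediate parent. It inherits everything from the built-in
#    clientssl profile except the options list, which adds the protocol bans.
#    (dont-insert-empty-fragments is kept here; add anything else step 1 showed.)
create ltm profile client-ssl base_clientssl defaults-from clientssl options { dont-insert-empty-fragments no-tlsv1 no-tlsv1.1 }

# 3. Re-parent each application profile onto the intermediate profile.
#    A profile that has its own customised "options" value keeps that value
#    and does not inherit the parent's, so check the result in step 4.
modify ltm profile client-ssl app1_clientssl defaults-from base_clientssl

# 4. Confirm the effective settings on parent and child.
list ltm profile client-ssl base_clientssl options
list ltm profile client-ssl app1_clientssl defaults-from options

# 5. Before and after the change, review the profile statistics, which include
#    per-protocol-version connection counts, to see whether clients are still
#    negotiating TLSv1 or TLSv1.1.
show ltm profile client-ssl app1_clientssl

# 6. Persist the change.
save sys config
```

Running step 5 against the existing profiles before step 3 gives the investigation the reply recommends: a non-zero TLSv1.1 count identifies virtual servers whose clients need attention first.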