Leave TLSv1 enabled but prioritize TLS1.2 or TLS1.1 over v1
We've disabled SSL all together on our F5 but we still allow TLSv1, TLSv1.1 and 1.2. We notice that most of our clients are hitting us on TLSv1 even though we support 1.2. Our clients have stated that they're sending a list of ciphers that they support when they initially connect (TLSv1, 1.1, and 1.2). Even though they're supporting 1.2 and we support 1.2 their connection is still using 1.0. Looking at the tmm clientciphers DEFAULT command i see that tls1.0 is ordered above 1.1 and 1.2. Is there a way to reorder this or priortize 1.2 and 1.1 over 1.0?