Forum Discussion
Hannes_Rapp
Nimbostratus
Append +TLSv1 to your clientssl Cipher configuration. This will move all TLSv1.0 cipher suite combinations to the end of the list (least preferred).
I.e:
DEFAULT:+TLSv1
justin_westove1
Mar 04, 2016Nimbostratus
So after I made the change you suggested to the clientssl default cert on the F5 I executed the tmm --clientcipher DEFAULT command and got the following:
0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 EDH/RSA
1: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 EDH/RSA
2: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA
3: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA
4: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA
Line 2 is the most important in this output, tlsv1 still has priority over tls1.1 or 1.2. Thoughts?