Forum Discussion

Nimbostratus

Oct 19, 2018

LTM SSL Client Profile for TLS 1.3

Hello All, We are running BIG-IP 14.0.0.1 Build 0.0.2 Point Release 1 and attempting to configure an SSL client profile to only negotiate TLS 1.3, https://support.f5.com/csp/article/K10251520 We've ...

Employee

Oct 19, 2018

Did you go to chrome://flags in the Chrome browser and enable TLS 1.3? In any case, Chrome only ever supported drafts 23 and 28 (and now the final), while BIG-IP 14.0 supports draft 26.

RFC 8446 TLS 1.3 support comes in the 14.1.

But you're on the right configuration path:

• Create a cipher rule (Local Traffic - Ciphers - Rules)
    ○ Cipher Suites: 'TLSv1_3'
    ○ Note that the above (on 14.0) only supports TLS13-AES128-GCM-SHA256 and TLS13-AES256-GCM-SHA384
    ○ Note that the 14.0 'DEFAULT' stack also includes the two TLS 1.3 ciphers

• Create a cipher group (Local Traffic - Ciphers - Groups)
    ○ Select TLS 1.3 cipher rule

• Create a client SSL profile
    ○ Ciphers: cipher group
    ○ Options List: disable 'No TLSv1.3' option

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

LTM SSL Client Profile for TLS 1.3

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

SSL profile

List of client ssl profiles certificate chain

Applying a HTTP Profile (Client) when creating a virtual server in TMOS?

protocol profiles

Web Acceleration Profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS