Forum Discussion

Ashu_2116

Nimbostratus

Mar 06, 2018

LTM TLS 1.3

Does LTM version 13.X support TLS1.3 if yes how to check that and apply to VS client ssl profiles ?

LTM

security

laksh_373750

Nimbostratus

Dec 01, 2018

@Saravanan

How does F5 BigIP handle Perfect Forward Secrecy in the client and server side profiles? TLS 1.3 support ephemeral keys and the keys can be changed midway during the SSL session. How would F5 BigIP be able to gain access to the ephemeral keys to decrypt the sessions? Any idea when we can get more details?

Kevin_Stewart

Employee

Dec 03, 2018

laksh, you seem to be implying passive decryption, which isn't possible anyway. BIG-IP handles PFS as a function of the proxy architecture, terminating the TLS session on the client side, and initiating a separate TLS session on the server side.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

LTM TLS 1.3

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

Cannot ping external interface

HA Failover between two Datacenters

LTM issue Openning new web browser tab

Related Content

Lightboard Lessons: Explaining TLS 1.3

Enable TLS 1.3 and Disable DH group

Lightboard Lessons: The TLS 1.3 Handshake

Load Balancing TCP TLS Encrypted Syslog Messages

Decrypting TLS traffic on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS