Forum Discussion
need to disable TLSv1.0 support on GTM 4000 running 11.5.3
I have a security requirement to disable SSLv3, RC4, and TLSv1.0 on my GTM 4000 device. I have the SSLv3 and RC4 requirements met, but in testing I can still access the web console with a browser that has only TLS1.0 enabled.
This is what I have placed in the Local Traffic > Profiles > SSL > Server & Client cipher fields: DEFAULT:!SSLv3:!TLSv1:!RC4
Do I have the wrong setting? Or have I missed another setting that needs to work with this one?
3 Replies
- andrew_C1
Nimbostratus
There is both the cipher list and a protocol/extension list. SSLv3 is disabled by default in that list. You will need to add TLSv1.0 to it. It's called Options List under the SSL profile. If you scroll down you will find disable TLSv1.0, TLSv1.1, etc.
- Brad_Parker
Cirrus
If I read your question right, you are wanting to disable TLSv1 to the device's management interface itself, correct? If that is the case, you cannot disable TLSv1 just yet. While technically you could by altering the cipher string with tmsh modify sys httpd ssl-ciphersuite, this causes issues with iControl and possibly iQuery since the version of modSSL currently doesn't support TLSv1.1+. I found this myself when we tried to disable TLSv1. Luckily in 12.0 HF1 that has now been patched and you can change the allowed SSL version to disable TLSv1 appropriately using tmsh modify sys httpd ssl-protocol 'all -SSLv2 -SSLv3 -TLSv1'.
- RSEDD_217334
Nimbostratus
Thank you both. My TLSv1.0 tests are failing now. Just as I need them to.
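A repeatable version of the browser test discussed in this thread, as an added example that is not from any of the posters or from F5: it offers exactly one protocol version per connection and reports whether the management interface completes the handshake. The address 192.0.2.10, port 443 and the function names are assumptions.

```python
import socket
import ssl
import warnings

# Protocol versions to probe; the thread's requirement is that TLSv1.0 is refused.
VERSIONS = {
    "TLSv1.0": (ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    "TLSv1.1": (ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    "TLSv1.2": (ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
}

def probe(host, port, name, timeout=5.0):
    """Return 'accepted', 'rejected', 'unreachable' or 'client-unsupported'."""
    version, available = VERSIONS[name]
    if not available:
        return "client-unsupported"  # local OpenSSL was built without this protocol
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol negotiation is under test; management certs are often self-signed.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version  # pin the offer to a single version
            ctx.maximum_version = version
    except ValueError:
        return "client-unsupported"
    try:  # OpenSSL 3 offers TLS 1.0/1.1 only at security level 0
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # older OpenSSL or LibreSSL: no security levels to lower
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # a failed TCP connection proves nothing about TLS
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"
    except (ssl.SSLError, OSError):
        return "rejected"
    finally:
        sock.close()

def audit(host, port=443):
    return {name: probe(host, port, name) for name in VERSIONS}

if __name__ == "__main__":
    for name, result in audit("192.0.2.10").items():  # documentation address, stands in for the management IP
        print(f"{name}: {result}")
```

A result of "unreachable" or "client-unsupported" for TLSv1.0 is not evidence that the protocol is disabled; only "rejected" alongside an "accepted" TLSv1.2 result shows the setting took effect.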