For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ken_B_50116's avatar
Ken_B_50116
Icon for Cirrostratus rankCirrostratus
Nov 04, 2015

Question about forcing TLS 1.2 and SOL13171

I found article SOL13171 that says to just use "TLSv1_2" in the Ciphers field, and this will force TLS 1.2. That sounds simple enough, but without also including "NATIVE" in the field, how can the e...
Ken_B_50116's avatar
Ken_B_50116
Icon for Cirrostratus rankCirrostratus
Nov 05, 2015

Currently the profile is just default.

How is 

TLSv1_2
functionally different than 
DEFAULT:!TLSv1:!TLSv1_1
? The SOL article says to use just 
TLSv1_2
, but you suggestion makes more sense because it's starting with the default suites and then stripping out the bad TLS versions.

Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Nov 05, 2015
Just TLSv1_2 on its own will also contain ADH, MD5, and RC4 ciphers which are all considered insecure at this point. The default string will not contain those. RC4 was remove from DEFAULT in 11.6 and ADH and MD5 removed in earlier versions.