For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RSEDD_217334's avatar
RSEDD_217334
Icon for Nimbostratus rankNimbostratus
Jan 19, 2016

need to disable TLSv1.0 support on GTM 4000 running 11.5.3

I have a security requirement to disable SSLv3, RC4, and TLSv1.0 on my GTM 4000 device. I have the SSLv3 and RC4 requirements met, but in testing I can still access the web console with a browser tha...
LTM
security
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Jan 20, 2016

If I read your question right you are wanting to disable TLSv1 to the device's management interface itself, correct? If that is the case, you can not disable TLSv1 just yet. While technically you could by altering the cipher string with 

tmsh modify sys httpd ssl-ciphersuite
, this causes issues with iControl and possibly iQuery since the version of modSSL currently doesn't support TLSv1.1+. I found this myself when we tried to disable TLSv1.

Luckily in 12.0 HF1 that has now been pacthed and you can change the allowed SSL version to disable TLSv1 appropriately using 

tmsh modify sys httpd ssl-protocol 'all -SSLv2 -SSLv3 -TLSv1'
.