F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Thiago_Morais's avatar
Thiago_Morais
Icon for Altostratus rankAltostratus
Dec 28, 2020

Redirect TLS1.0 to TLS1.2

I need to configure a VS to accept client requests using TLS1.0 and forward them to a pool using TLS1.2. How is the best way to configure this scenario?   Thanks! TM
application delivery
BIG-IP
LTM
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Dec 29, 2020

Hi Thiago,

 

I understand you have a VS which should accept only TLS 1.0 traffic and a pool with pool members that are only accepting TLS1.2 traffic, so you are doing what is called SSL bridging. In that scenario you would need to attach a ClientSSL and a ServerSSL profile to the VS.

In ClientSSL and ServerSSL profiles you can configure Cipher Suites, which practically define which TLS ciphers are available in the profile for negotiating a secure communication channel.

You can use the DEFAULT cipher suite in ClientSSL and ServerSSL profile, it will support TLS1 on the client-side and also TLS1.2 on the server-side.

If you plan to tweak the cipher suites further, or just want to have a better understanding of the whole subject, take a look at K15194: Overview of BIG-IP SSL/TLS cipher suites.

 

KR