For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

adam88's avatar
adam88
Icon for Cirrus rankCirrus
Feb 04, 2020

Server Side SSL Working When I Expected it to Fail

Hi folks - I have a strange situation and I was hoping to understand better what is going on.   I have an older LTM, it's a Viprion chassis with a 2100 blade - both the chassis and the blade are ...
DevBabu's avatar
DevBabu
Icon for Cirrus rankCirrus
Feb 04, 2020

If you are using SSL profile, BIG-IP uses tmm ciphers. So, serverside SSL uses tmm ciphers.

To check tmm ciphers, from bash we can use command, tmm --serverciphers 'DEFAULT' or the ciphers you have specified in serverside profile. Similar command tmm --clientciphers 'DEFAULT'

 

In versions 11.x the monitors use openssl.

  • adam88's avatar
    adam88
    Icon for Cirrus rankCirrus
    Feb 04, 2020

    Oh! Does that mean that in versions 11.x, when the LTM tries to establish server side SSL connections it actually uses the TMM to initiate and not OpenSSL?

     

    And that only the monitors use OpenSSL to make the connection for health monitoring?

     

    This makes a lot of sense if it's the case 😄