For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Apr 28, 2014

Server SSL Profile ciphers

I'm using the following Ciphers string in a server SSL profile on my 11.4.1HF3 LTM: DEFAULT:-TLSv1_1:-TLSv1_2 The resulting ciphers list is this: Active:Changes Pending] ~ tmm --serve...
application delivery
LTM
management
security
smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Apr 28, 2014

is it health monitor?

YES! This VIP is snatted and my tcpdump command mistakenly EXCLUDED the floating self-ip, leaving only monitor traffic in my trace. I just took another trace and verified the LTM only sends the list of 7 matching TLS ciphers in the 

tmm --serverciphers 'DEFAULT:-TLSv1_1:-TLSv1_2'
output. This is what I expected. Thanks very much for setting me straight!

This leads me to another question...what makes the LTM decide to "decide" to use TLS on the serverside of the connection? Is that because the client on the clientside requested to use TLS (which it does), and it is required to maintain the same protocol on both sides?