Stengthen ciphers for TLS v1.1

Question

Hi all, what other parameters can I add on to my current TLS v1.1 ciphers below ? Some of my VIPs are getting TLS triple handshake vulnerability on F5 client ssl profile. The reason we can't make a jump to TLS v1.2 yet is because we don't want to create impact on clients who may not be ready yet.

Current ciphers: DEFAULT:!TLSv1

samir · Answer

In this case you don't need to do any thing to allow tls1.1. By default F5 BIGIP support TLS1.0, TLS1.1 & TLS1.2 unless disable any. I can see current cipher which is disable on SSL Profile TLS1.0[DEFAULT:!TLSv1].

Run below command to check if traffic is coming to via for ciphers TLS1.1 or TLS1.2, etc.

tmsh show ltm profile client-ssl <SSL_Profile_Name> raw

lidev · Answer

Hi Doran,Which version of the BIGIP do you use ?By default on versions later than 13.0.0 the variable tmm.ssl.ExtmsEnabled was enable. REF-https://support.f5.com/csp/article/K66202244&nbsp;Regards&nbsp;

Forum Discussion

Stengthen ciphers for TLS v1.1

Recent Discussions

Flip-flop load balancing

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

Related Content

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Disabling Weak Ciphers

Disable below cipher

Cipher Suites Supported (12.1.5.3)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS