F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Doran_Lum's avatar
Doran_Lum
Icon for Nimbostratus rankNimbostratus
Jun 17, 2020

Stengthen ciphers for TLS v1.1

Hi all, what other parameters can I add on to my current TLS v1.1 ciphers below ? Some of my VIPs are getting TLS triple handshake vulnerability on F5 client ssl profile. The reason we can't make a ...
BIG-IP
LTM
security
Samir's avatar
Samir
Icon for MVP rankMVP
Jun 18, 2020

In this case you don't need to do any thing to allow tls1.1. By default F5 BIGIP support TLS1.0, TLS1.1 & TLS1.2 unless disable any. I can see current cipher which is disable on SSL Profile TLS1.0[DEFAULT:!TLSv1].

Run below command to check if traffic is coming to via for ciphers TLS1.1 or TLS1.2, etc.

tmsh show ltm profile client-ssl <SSL_Profile_Name> raw