Forum Discussion
MaxMedov (Cirrostratus)
Jun 21, 2023
Hi LiefZimmerman, I ran tests and it seems the results contradict the answers above.
It seems that if the client supports TLS 1.2 and TLS 1.3, and F5 supports TLS 1.2 and TLS 1.3 BUT does NOT SUPPORT the TLS 1.3 CIPHERS that the client has, the handshake will fail and the client gets reset.
As explained to me, the client should connect with TLS 1.2 ciphers if it doesn't find matching TLS 1.3 ciphers. But in fact, it stopped when only the TLS 1.3 ciphers were not found.
There is an option called 'TLS Fallback SCSV', but only if the client supports it (not relevant for us):
https://community.f5.com/t5/technical-articles/poodle-and-tls-fallback-scsv-deep-dive/ta-p/273803
https://datatracker.ietf.org/doc/html/rfc7507
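
The behaviour reported in this post, as an added example (not part of the original post and not F5's code): a simplified Python model that assumes the server fixes the protocol version first and only then looks for a shared cipher suite valid for that version, together with the RFC 7507 check from the linked document. The function names and the client and server cipher lists are constructed for illustration.

```python
# Added illustration: simplified model of server-side TLS negotiation.
# Assumption: the server picks the protocol version first, then searches for
# a shared cipher suite valid for that version only (no in-handshake fallback).

TLS12, TLS13 = 0x0303, 0x0304
TLS13_SUITES = {0x1301, 0x1302, 0x1303, 0x1304, 0x1305}  # RFC 8446 suites
TLS_FALLBACK_SCSV = 0x5600                                # RFC 7507 signal


def negotiate(client_versions, client_suites, server_versions, server_suites):
    """Return (version, suite) on success or (None, alert_name) on failure."""
    common = set(client_versions) & set(server_versions)
    if not common:
        return None, "protocol_version"
    # RFC 7507: a retry marked with the SCSV is refused when the server
    # supports a higher version than the client is offering in this attempt.
    if (TLS_FALLBACK_SCSV in client_suites
            and max(server_versions) > max(client_versions)):
        return None, "inappropriate_fallback"
    version = max(common)  # version is decided before any cipher suite

    def usable(suite):
        # TLS 1.3 suites are only valid for TLS 1.3, and vice versa.
        return (suite != TLS_FALLBACK_SCSV
                and (suite in TLS13_SUITES) == (version == TLS13))

    for suite in server_suites:  # server preference order
        if suite in client_suites and usable(suite):
            return version, suite
    return None, "handshake_failure"  # no drop to TLS 1.2 in this handshake


# Constructed sample configuration (not taken from the post).
CLIENT_SUITES = [0x1303, 0xC02F, 0xC030]          # one 1.3 suite, two 1.2 suites
SERVER_SUITES = [0x1301, 0x1302, 0xC030, 0xC02F]  # different 1.3 suites


def scenarios():
    both = [TLS12, TLS13]
    scsv_retry = CLIENT_SUITES + [TLS_FALLBACK_SCSV]
    return {
        "dual_stack_mismatch": negotiate(both, CLIENT_SUITES, both, SERVER_SUITES),
        "client_pinned_tls12": negotiate([TLS12], CLIENT_SUITES, both, SERVER_SUITES),
        "retry_with_scsv": negotiate([TLS12], scsv_retry, both, SERVER_SUITES),
        "server_tls13_disabled": negotiate(both, CLIENT_SUITES, [TLS12], SERVER_SUITES),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} -> {result}")
```

In this model the connection succeeds only when TLS 1.3 is taken out of the negotiation on one side or when the two TLS 1.3 suite lists overlap, which is the configuration check to make on the profile when clients are being reset.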