Forum Discussion

Cirrostratus

Jun 05, 2023

Support TLS1.3 and TLS1.2 protocols

Hello, Today we are working only with TLS1.2 on SSL Clients profiles. We are about to enable TLS1.3, and I have a few questions before a behavior about the SSL handshake process: Case - We are w...

security

MaxMedov

Cirrostratus

Jun 21, 2023

Hi, LiefZimmerman I made tests and it seems the results were contrasted above answers.
It seems that if the client supports TLS 1.2 and TLS 1.3
And F5 Supports TLS1.2 and TLS 1.3, BUT does NOT SUPPORT TLS1.3 CIPHERS that the client has, the handshake will fail and the client got reset.
As explained to me, the client should connect with TLS1.2 ciphers if he doesn't find the matched TLS1.3 ciphers. But in fact, it stopped when he didn't find TLS1.3 only.
There is an option called ‘LS Fallback SCSV’ , but only if the client supports it (not relevant for us):
https://community.f5.com/t5/technical-articles/poodle-and-tls-fallback-scsv-deep-dive/ta-p/273803
https://datatracker.ietf.org/doc/html/rfc7507

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Support TLS1.3 and TLS1.2 protocols

Recent Discussions

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Related Content

AFM Protocol Inspection rules for CVE-2022-3602 (aka SpookySSL)

Unsupported Snort Keywords in Protocol Inspection

Unbreaking the Internet and Converting Protocols

f5 iHealth and Support

Capture SSL Profile Protocol Stats - Bash

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS