For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mikeshermanit_2's avatar
mikeshermanit_2
Icon for Nimbostratus rankNimbostratus
Sep 21, 2016

TLS SSL Profile question.

I have an ssl Profile that is currently linked to a Virtual Server in our production environment. Under the advanced configuration>Ciphers I see "DEFAULT:!TLSv1".   Does this mean that it's using ...
BIG-IP
LTM
security
IainThomson85_1's avatar
IainThomson85_1
Icon for Cumulonimbus rankCumulonimbus
Sep 22, 2016

Hi Mike,

 

As Kang has said the ! Negates the use of that Cipher Suite in the profile (In this case TLS 1.0).

 

IF you wanted to use TLS1.2 ONLY, there are option inside the SSL profile to do that.

 

Note: Different versions of F5 Code include different DEFAULT ciphers. I.e. Prior to 11.5, SSLv3 was included in DEFAULT list, and no-one wants that....

 

IainThomson85_1's avatar
IainThomson85_1
Icon for Cumulonimbus rankCumulonimbus
Sep 26, 2016

Hi Mike,

 

Ideally you want to get a TCPDUMP of the Handshake, analyse in Wireshark as to the exact failure reason.

 

See what Protocols/Ciphers the server offers, and see if the client can support those.