For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sam_D_'s avatar
Sam_D_
Icon for Altostratus rankAltostratus
May 07, 2020

TLS versions in ClientHello

I'm wondering how I can read TLS versions such as TLS version in Record Layer and the Max supported TLS version from ClientHello message by using: when CLIENTSSL_CLIENTHELLO { }
LTM
security
Samir's avatar
Samir
Icon for MVP rankMVP
May 07, 2020

* Below irule will help you to know the Client request with TLS version but log will be forwarded to "/var/tmp/ltm"

when HTTP_REQUEST {
  log local0. "Client address [IP::client_addr] and TLS version is [SSL::cipher version]"
  }

* Max Supported TLS version is TLS1.3 in v14.x+ , however tls1.2 is secure and highly used for all applications

The BIG-IP system has the following SSL profile limitations:

  • In the Client SSL profile, TLS 1.3 is disabled by default and not available for client connections. You can enable TLS 1.3 in the client SSL profile by removing the No TLSv1.3 option in the Enabled Options list; however, you should use TLS 1.3 only for testing and not in a production environment.
  • TLS 1.3 is *not* currently supported for the Server SSL profile