TLS

Question

I am trying to set up my LTM so that it will only accept TLS connections.  They are asking that we do away with SSLv3 completely.  I am not sure how to do that without causing interruptions, we have REST and JSON coming in as well as HTTP traffic.
For most services, I run a separate port to the servers, I have one that run 443.  That server is ColdFusion, and running SSLv3, and I have not been able to get it to run the proper cypher suite to the LTM.
Any suggestions?&nbsp;

andy_mcgrath · Answer

SSL protocol and ciphersuite configuration is under the client ssl profiles (for clientside) and server ssl profiles (for serverside), within the profiles you have the option of setting ciphersuite and protocol the following links should help you.&nbsp;
sol13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)&nbsp;
sol15194: Overview of the BIG-IP SSL/TLS cipher suite&nbsp;
sol8802: Using SSL ciphers with BIG-IP Client SSL and Server SSL profiles&nbsp;
sol13171: Configuring the cipher strength for SSL profiles (11.x) - Configuring the SSL profile to block a specific SSL version&nbsp;
If you're running 11.5.0 or above SSLv3 is disabled in the 'DEFAULT' ciphersuite list, anything earlier changing the ciphersuite setting in the ssl profile to 'DEFAULT:!SSLv3' should work.&nbsp;

Forum Discussion

TLS

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

F5OS login with admin/root failed via console

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

UCS Encryption Question

Unblock Request WAF

Related Content

Load Balancing TCP TLS Encrypted Syslog Messages

Decrypting TLS traffic on BIG-IP

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

TLS Fingerprinting - a method for identifying a TLS client without decrypting

TLS Stateful vs Stateless Session Resumption

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS