Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Juraj_314736's avatar
Juraj_314736
Icon for Nimbostratus rankNimbostratus
Sep 20, 2017

TLS/1.0, PCI, and a custom message for HTTP response status codes

By June 30, 2018 we would like to turn off TLS/1.0 on all our HTTPS websites, in order to be compliant with PCI requirements. Instead of just turning TLS/1.0 off, we would like to use that time bet...
application delivery
header
http
irules
LTM
pci
security
tls
BinaryCanary_19's avatar
BinaryCanary_19
Historic F5 Account
Sep 22, 2017

this is not very elegant, but:

it may be possible to use SSL::respond which allows you to inject raw payload directly into the SSL layer, if this is something you have room to experiment with.

If you go this route however, you may have to make sure that this connection cannot be used for other requests, as I am not sure what effect injecting data into the stream will have on the HTTP profile state machine. So you should consider, including Connection: close in your response, calling HTTP::disable, Dropping the SSL session with SSL::session invalidate, and closing the TCP connection with TCP::close once done.