Forum Discussion
TLS1
yeah i think i made a mistake as the cypher profile overrides some of that config and made it work.
no tls1.3 will not enable it, the config is a bit backwards. "enable" NO TLS for example is a positive then a negative.
So if you want tls 1.3 then you need to take that out of enable options.
This issue i thnk i had, is that enable options needs something in there to work.
Have you got a test environment you could look at and test before you do this to see what happens.
yes, let's say we DO NOT want TLS 1, 1.1, 1.2 and 1.3 for this sake, our config has "enabled" NO_TLSv1.3 so that should block 1.3, 1.2, 1.1, and 1 correct?
BUT, if that is the case then I'm not sure where the TLS 1 and 1.1 is showing for the pen test as it shows 1 and 1.1 is active so therefore the above isn't working by blocking all the TLS version.
- Oct 03, 2023
No, that's the bit i think i've got wrong. Because the cypher profile works slightly different.
NO TLS 1.3 is still letting in SSL, TLS 1 1.1 1.2 etc but Not 1.3
NB - TLS 1, 1.1, 1.2 and 1.3 would block ALL TLS. and NO TLS also blocks all.
You would then be left with just ssl! - j_hardin80Oct 03, 2023
Nimbostratus
Ohhh ok, so that may be my issue then, I just need to remove 1.3 and add 1 and 1.1 in there.
I'll try that! thank you so much for clarfiying that for me
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com