F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

j_hardin80's avatar
j_hardin80
Icon for Nimbostratus rankNimbostratus
Oct 03, 2023

TLS1

Forgive me but I'm pretty green when it comes to these F5's. We have an F5 LTM that is load balancing our internal and external email. We just had a pen test done and they saw TLS1 and 1.1 open from ...
security
j_hardin80's avatar
j_hardin80
Icon for Nimbostratus rankNimbostratus
Oct 03, 2023

yes, let's say we DO NOT want TLS 1, 1.1, 1.2 and 1.3 for this sake, our config has "enabled" NO_TLSv1.3 so that should block 1.3, 1.2, 1.1, and 1 correct?

BUT, if that is the case then I'm not sure where the TLS 1 and 1.1 is showing for the pen test as it shows 1 and 1.1 is active so therefore the above isn't working by blocking all the TLS version.

PSFletchTheTek's avatar
PSFletchTheTek
Icon for Cumulonimbus rankCumulonimbus
Oct 03, 2023

No, that's the bit i think i've got wrong. Because the cypher profile works slightly different.

NO TLS 1.3 is still letting in SSL, TLS 1 1.1 1.2 etc but Not 1.3

NB - TLS 1, 1.1, 1.2 and 1.3 would block ALL TLS. and NO TLS also blocks all.
You would then be left with just ssl! 

  • j_hardin80's avatar
    j_hardin80
    Icon for Nimbostratus rankNimbostratus
    Oct 03, 2023

    Ohhh ok, so that may be my issue then, I just need to remove 1.3 and add 1 and 1.1 in there.

    I'll try that! thank you so much for clarfiying that for me