Forum Discussion

Nimbostratus

Apr 02, 2020

TLS/SSL Version Test Tool

Hi, Is there any way to test SSL/TLS version currently running through F5 so that I can disable/remove weak Ciphers and SSLV3/TLS1.0 and TLS.1.1 versions. So I need to disable SSLv3/TLS1.0 and...

Cirrus

Apr 03, 2020

Hi Korai,

To test Ciphers you can use Wireshark to check the "Server Hello" as below to know F5 selected which ciphers from client cipher list negotiation or you can use a command in as below.

[root@lb2:Standby:In Sync] config # openssl s_client -cipher 'ECDHE-RSA-AES256-GCM-SHA384' -connect 192.168.148.184:443

Cipher suites are configured per SSL Profiles(Client/Server), you need to type "TLSv1_2" in cipher strings as seen below to only support TLSv1_2 ciphers.

You can also check via CLI by typing command to check TLSv1.2 support ciphers only as below.

[root@lb2:Standby:In Sync] config # tmm --clientcipher TLSv1_2

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

TLS/SSL Version Test Tool

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

CLIENT_HELLO SSL TLS version insert

TMOS script for updating SSL profile cipher group and TLS versions

TLS Fingerprinting to profile SSL/TLS clients without decryption

Testing the security controls for a notional FDX Open Banking deployment

Python script to test if a F5 BIG-IP is vulnerable to cve-2023-46747

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS