Forum Discussion

Nimbostratus

Apr 02, 2020

TLS/SSL Version Test Tool

Hi, Is there any way to test SSL/TLS version currently running through F5 so that I can disable/remove weak Ciphers and SSLV3/TLS1.0 and TLS.1.1 versions. So I need to disable SSLv3/TLS1.0 and...

Cirrus

Apr 03, 2020

Hi Korai,

To test Ciphers you can use Wireshark to check the "Server Hello" as below to know F5 selected which ciphers from client cipher list negotiation or you can use a command in as below.

[root@lb2:Standby:In Sync] config # openssl s_client -cipher 'ECDHE-RSA-AES256-GCM-SHA384' -connect 192.168.148.184:443

Cipher suites are configured per SSL Profiles(Client/Server), you need to type "TLSv1_2" in cipher strings as seen below to only support TLSv1_2 ciphers.

You can also check via CLI by typing command to check TLSv1.2 support ciphers only as below.

[root@lb2:Standby:In Sync] config # tmm --clientcipher TLSv1_2

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

TLS/SSL Version Test Tool

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

CLIENT_HELLO SSL TLS version insert

TMOS script for updating SSL profile cipher group and TLS versions

Testing the security controls for a notional FDX Open Banking deployment

Big IP version 12 API

test irules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS