Forum Discussion

Altostratus

Jun 21, 2023

Solved

TLSv1.0 and TLSv1.1 disable in Device Certificate

Hi Team, Recently, the vulnerability management team in our organization gave a report where they mentioned that the device SSL certificate (self-signed/CA-signed) used to access the F5 GUI has TLSv...

whisperer

MVP

Jun 21, 2023

Alternatively, if you can restrict to only TLS 1.2 cipher, then type the following command instead:

tmsh modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1'

tmsh save sys config

That should do it. Sounds like the security team only wants you to use TLSv1.2 🙂

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TLSv1.0 and TLSv1.1 disable in Device Certificate

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

VIP control across data centers - how to ensure only 1 VIP is up at a time?

migrate from serie I to R. Cluster LTM-GTM

Errors with AS3 3.56.0 with F5 17.5.1.6

syslog over tcp and define management IP as source

CPU/vCPU sizing on rseries

Related Content

Automating Certificate Management on F5 BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

Disable TLSv1.1

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS