TMOS script for updating SSL profile cipher group and TLS versions

Question

Hello,With 2024 just around the corner and many organizations aligning with NIST's SP 80052r2 guidelines, I need an efficient way to use TMOS to change my SSL profile settings. I have reviewed previous posts that go over the SSL profile creation process via TMOS, but I would like to edit my current existing profiles to be compliant with security policies.&nbsp;For example, let's say I have two SSL profiles test.com_sslprofile and test.org_sslprofile, and currently they use the f5-secure cipher group and have TLS 1.0, 1.1, 1.2 enabled and TLS 1.3 disabled. Do you know of any TMOS commands that I can use to update these SSL profiles to new settings that use the new_secure_cipher_group and disable TLS 1.0 and 1.1 and enable TLS 1.3?&nbsp;Thank you.

zamroni777 · Accepted Answer

the ssl profile commands are in here:https://clouddocs.f5.com/cli/tmsh-reference/latest/modules/ltm/ltm_profile_client-ssl.htmli suggest you install VE for testing the command

Forum Discussion

TMOS script for updating SSL profile cipher group and TLS versions

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Ansible module to update BIG-IP root/admin passwords

BIG-IP Geolocation Updates – Part 2

BIG-IP Geolocation Updates – Part 7

Big IP version 12 API

BIG-IP Geolocation Updates – Part 5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS