Forum Discussion

Cirrus

Dec 07, 2018

tmsh command to list client-ssl profiles - Full noted values

I am working on a project to remove TLS1.0 from our F5 BIG-IP systems. The company want first a good overview where TLS1.0 is still used (which VIP's) so i exported those with tmsh command but if the...

Altostratus

Dec 07, 2018

The F5 is security focused and will always negotiate at the highest cipher first, TLS1.2.

Profiles -> SSL -> Client -> clientssl (pick whichever parent is used) Ciphers-> "Default" --Will negotiate at TLS1.2

Caveat: If the client / server / application cannot negotiate at TLS1.2, it is due to the server not allowing a TLS1.2 cipher or is configured to force a less secure cipher due to compatibility issues.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

tmsh command to list client-ssl profiles - Full noted values

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Automate F5OS license activation using ansible

AS3 Storage

f5 client certificate forwarding

How to configure pool to go down if multiple members are down

Terraform LTM provider - ICMP disabled on resulting VIPs

Related Content

SSL Profiles Part 8: Client Authentication

Client SSL Profile

Client vs Server SSL profile

TLS Fingerprinting to profile SSL/TLS clients without decryption

SSL PROFILE - How to use multiple SSL Profile Client in Virtual Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS