unable to restrict the configuration utility( httpd) cipher suite for the version TSL1.1. Our aim is to only use TLS1.2

Question

unable to restrict the configuration utility( httpd) cipher suite for the version TSL1.1. Our aim is to only use TLS1.2&nbsp;
we tried below command to change, but it is not working&nbsp;
modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1' &nbsp;
once we remove TLS1_1 from above it worked.. our version is 11.5.3&nbsp;

jg · Answer

What you really need is to disable the insecure SSL protocols altogether:
 tmsh modify /sys httpd ssl-protocol "TLSv1.2"
 tmsh save /sys config

. Also see K17491 for any error message. [Edited]

sharadwi_352731 · Answer

Was someone able to fix this issue? I am using v11.5.3 as well &nbsp;

only1masterbla1 · Answer

Please check this note:&nbsp;
K17491: Unable to limit Configuration utility access to clients using only TLSv1.1 or TLSv1.2&nbsp;
https://support.f5.com/csp/article/K17491&nbsp;

sharadwi_352731 · Answer

Thank you . This is for PCI standards. It requires TLSv1.2 to be used for the utility. Does changing the cipher suite help ?&nbsp;

Forum Discussion

unable to restrict the configuration utility( httpd) cipher suite for the version TSL1.1. Our aim is to only use TLS1.2

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Office 365 Tenant Restrictions

Solution for delayed BIG-IP page load of the Configuration utility

configuration utility restarting (upgrade)

BIG-IP Configuration utility vulnerability CVE-2023-38138

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS