Client SSL profile fall back

Question

Hi Guys,We have some clients that use TLS1.0 whereas others use TLS1.2.Could clientssl_tls1&nbsp; profile be used for clients that use TLS1.0 and clientssl_tls1.2 be used for clients that work with TLS1.2.All clients use the same server name (SNI) and clientssl_tls1 &amp; clientssl_tls1.2 profiles are within the same VS.Please advise.Edouard.

mayur_sutare · Answer

Hi&nbsp;Edouard&nbsp;,
So basically, you need your vServer to accept requests on both TLS1.0 as well as TLS1.2 if I understood it correctly.
If that's so, then you can keep TLS1.0 as well as TLS1.2 enabled under associated client ssl profile. So single client-ssl profile will accept both requests and it will negotiate client on best possible match.
Additionally, if it is possible, try to keep all your vServers running on min TLS1.2 as lower SSL/TLS versions are prone to different vulnerabilties. You may be already knowing this but just thought of highlighting this also. Ty!
&nbsp;
Hope it helps!
Mayur

Forum Discussion

Client SSL profile fall back

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Fall back IP

About client profile (apm-forwarding-client-tcp)

How to disable weak cipher from Client SSL Profile

Server Side SSL profile not match with Client side SSL profile?

HTTPS communication and client and server ssl profile