Enableing TLS1.2

Hi Dears, I need to enable and use TLS 1.2 only instead of 1.0 or 1.1, for one specific published server. my BIG-IP version is 12.0 VE. this output may help you ssl-ciphersuite DEFAULT:!aNULL:...

application delivery

BIG-IP

LTM

Mayur_Sutare
Nov 30, 2020
Hi mahjoub,

Yes, you can configure it through GUI.

You need to create new client SSL Profile - Goto Local Traffic > Profiles > SSL > Client and create new profile.
Under Advance setting, select Custom Cipher Suits to block required TLS/SSL versions. Appending "!" before any TLS/SSL, encryption parameter in cipher string blocks that particular version.
There is one more way to configure same. Under client SSL Advance Configuration, select Options List in Options sections. Then You will get options to enable/disable particular TLS/SSL version. e.g. for blocking TLS1.1, you can enable No TLS1.1 in this section to it will block TLS1.1.

This way you can achieve your requirement. You can refer below F5 articles for more details.

https://support.f5.com/csp/article/K13171
https://support.f5.com/csp/article/K33000012

Hope it helps!
Mayur

Forum Discussion

Enableing TLS1.2

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Enable telnet on SSH

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Enable SAML Service Provider on F5 Distributed Cloud Application

enable WebSocket profile.

Enabling F5 Distributed Cloud Fraud and Risk Solutions with ForgeRock Connector