24-Oct-2022 00:13
Hi,
I have one request which needs your assistance. We have some applications which can't modify the TLS version to 1.2 or 1.3, and these applications need to be published. I want to know whether it is possible to enable TLS 1.2 from F5 to the Internet and, from F5 to the backend server, enable 1.0 or 1.1 or keep the default on the server side. Please advise on the possibility and how to perform this if possible.
Thanks in advance.
24-Oct-2022 07:44
Most definitely. BIG-IP is a full proxy, so you can control the cipher properties on each side of the proxy independently.
24-Oct-2022 08:21
Hi Kevin,
Thanks for your reply. Would you guide me on how to perform this?
Thanks in advance.
24-Oct-2022 09:21
Configure a client SSL profile that supports TLS 1.2 and 1.3, and a separate server SSL profile that supports TLS 1.1 and 1.0.
In the full proxy architecture, the client SSL profile works on the client side of the proxy and acts as the server to the TLS session. The client sends a Client Hello message and a list of supported ciphers, and the server (BIG-IP) picks one of the ciphers to continue the TLS handshake. The server SSL profile works on the server side of the proxy and acts as the client to the TLS session. It sends a Client Hello to the server with its list of supported ciphers. This list comes from the cipher string defined in the server SSL profile.
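
One way to set up the two profiles described in the reply above, as an added tmsh example that is not part of the original thread. The profile names, the virtual server name `vs_legacy_app` and the use of the built-in `f5-default` cipher group are assumptions, and option and cipher defaults differ between BIG-IP versions.

```tmsh
# Added example; names are hypothetical. Setting "options" replaces the
# inherited list, so compare with your version's defaults before applying.

# Client side (Internet -> BIG-IP): BIG-IP is the TLS server here.
# no-tlsv1 and no-tlsv1.1 refuse legacy clients. Leaving no-tlsv1.3 out of
# the list permits TLS 1.3, which is configured through a cipher group
# instead of a cipher string (hence "ciphers none").
create ltm profile client-ssl clientssl_tls12_13 defaults-from clientssl ciphers none cipher-group f5-default options { dont-insert-empty-fragments no-tlsv1 no-tlsv1.1 }

# Server side (BIG-IP -> backend): BIG-IP is the TLS client here.
# Its Client Hello offers whatever this cipher string expands to.
# Assumption: DEFAULT still includes TLS 1.0/1.1 suites on your version.
# Keep this profile dedicated to the legacy application so the weaker
# protocols are not offered to any other pool.
create ltm profile server-ssl serverssl_legacy defaults-from serverssl ciphers DEFAULT

# Attach one profile to each side of the virtual server.
modify ltm virtual vs_legacy_app profiles add { clientssl_tls12_13 { context clientside } serverssl_legacy { context serverside } }

# Checks:
#  - From the BIG-IP bash shell, list what the server-side string offers:
#      tmm --serverciphers 'DEFAULT'
#  - From an outside host, the legacy handshake should be refused and
#    the TLS 1.2 handshake should complete:
#      openssl s_client -connect <virtual-server-address>:443 -tls1_1
#      openssl s_client -connect <virtual-server-address>:443 -tls1_2
```

The client SSL profile also needs the certificate and key for the published site; the example inherits whatever `clientssl` carries.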