Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

f5 TLS Versions on Config Utility

Hi All,
I've just been scanned on a ITHC, it's identied that the config utility is allowing TLS 1.0 and 1.1 to still be negotiated.
Is there a way i can set the web service on the config util to only allow TLS 1.2 and 1.3 or even just 1.3?





For the F5 management (F5 GUI and SSH), check out the below articles:

For SSL profiles for services published through F5, check the below:


  • Go to Local Traffic > Profiles > SSL > Client.
  • Enter SSL profile
  • For Configuration, select Advanced.
  • If you are creating a new profile, under Options, select the Custom check box.
  • For Options, select Options List.
  • Under Options List, for Available Options, press Shift, select No SSL, No SSLv2, No SSLv3, and No TLSv1, and then click Enable
    • this is just ena example on how to disable some TLS weak versions.
    • (enabling means disabling these options


Thanks, i've done it for services before.
it's the gui side. Do i need to run both of those KB's or is this one enough?
it looks like it does the same and a little more as it covers or can cover ciphers.

Thanks for the quick responce!

You're correct, they will have the same impact. You don't need to run them both. 

Regarding TLSv1.3 , BIG-IP version prior to 17.0 don't support in on the configuration utiity.