F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Dave_21103's avatar
Dave_21103
Icon for Nimbostratus rankNimbostratus
Oct 19, 2018

LTM SSL Client Profile for TLS 1.3

Hello All, We are running BIG-IP 14.0.0.1 Build 0.0.2 Point Release 1 and attempting to configure an SSL client profile to only negotiate TLS 1.3, https://support.f5.com/csp/article/K10251520 We've ...
application delivery
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 19, 2018

Did you go to chrome://flags in the Chrome browser and enable TLS 1.3? In any case, Chrome only ever supported drafts 23 and 28 (and now the final), while BIG-IP 14.0 supports draft 26.

RFC 8446 TLS 1.3 support comes in the 14.1.

But you're on the right configuration path:

• Create a cipher rule (Local Traffic - Ciphers - Rules)
    ○ Cipher Suites: 'TLSv1_3'
    ○ Note that the above (on 14.0) only supports TLS13-AES128-GCM-SHA256 and TLS13-AES256-GCM-SHA384
    ○ Note that the 14.0 'DEFAULT' stack also includes the two TLS 1.3 ciphers

• Create a cipher group (Local Traffic - Ciphers - Groups)
    ○ Select TLS 1.3 cipher rule

• Create a client SSL profile
    ○ Ciphers: cipher group
    ○ Options List: disable 'No TLSv1.3' option