Forum Discussion
Kevin_Stewart
Oct 19, 2018Employee
Did you go to chrome://flags in the Chrome browser and enable TLS 1.3? In any case, Chrome only ever supported drafts 23 and 28 (and now the final), while BIG-IP 14.0 supports draft 26.
RFC 8446 TLS 1.3 support comes in the 14.1.
But you're on the right configuration path:
• Create a cipher rule (Local Traffic - Ciphers - Rules)
○ Cipher Suites: 'TLSv1_3'
○ Note that the above (on 14.0) only supports TLS13-AES128-GCM-SHA256 and TLS13-AES256-GCM-SHA384
○ Note that the 14.0 'DEFAULT' stack also includes the two TLS 1.3 ciphers
• Create a cipher group (Local Traffic - Ciphers - Groups)
○ Select TLS 1.3 cipher rule
• Create a client SSL profile
○ Ciphers: cipher group
○ Options List: disable 'No TLSv1.3' option