Hi all, what other parameters can I add on to my current TLS v1.1 ciphers below ? Some of my VIPs are getting TLS triple handshake vulnerability on F5 client ssl profile. The reason we can't make a jump to TLS v1.2 yet is because we don't want to create impact on clients who may not be ready yet.
In this case you don't need to do any thing to allow tls1.1. By default F5 BIGIP support TLS1.0, TLS1.1 & TLS1.2 unless disable any. I can see current cipher which is disable on SSL Profile TLS1.0[DEFAULT:!TLSv1].
Run below command to check if traffic is coming to via for ciphers TLS1.1 or TLS1.2, etc.
tmsh show ltm profile client-ssl <SSL_Profile_Name> raw
