F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Ntinos's avatar
Ntinos
Icon for Nimbostratus rankNimbostratus
Sep 10, 2020

TLS 1.3 and BIG-IP Virtual Edition - BEST

Has there been any changes in the way TLS 1.3 is configured in AWS BEST AMIs after 15.0.1.1 0.0.3 build. Same config works fine with no error on F5 BIG-IP Virtual Edition - BEST 15.0.1.1 0.0.3 and F5...
application delivery
cloud
LTM
Lidev's avatar
Lidev
Icon for Nacreous rankNacreous
Sep 17, 2020

Have you try the same test (openssl s_clien)t but with tls1.2 to see if the result is the same (certificate expired)?

openssl s_client -tls1_2 -connect 20.0.5.25:443
Lidev's avatar
Lidev
Icon for Nacreous rankNacreous
Sep 17, 2020

Okay, makes a tcpdump or ssl dump and compares the Ciphers Suites negotiated with the client during the SSL Handshake.

TLS 1.3 has eliminated support for algorithms and ciphers that are practically vulnerable.

  • RC4 Stream Cipher
  • RSA Key Exchange
  • SHA-1 Hash Function
  • CBC (Block) Mode Ciphers
  • MD5 Algorithm
  • Various non-ephemeral Diffie-Hellman groups
  • EXPORT-strength ciphers
  • DES
  • 3DES