cancel
Showing results for 
Search instead for 
Did you mean: 

TLS/SSL Version Test Tool

Korai
Nimbostratus
Nimbostratus

Hi,

 

Is there any way to test SSL/TLS version currently running through F5 so that I can disable/remove weak Ciphers and SSLV3/TLS1.0 and TLS.1.1 versions.

So I need to disable SSLv3/TLS1.0 and TLS1.1 but once I finish my change , I wana makre sure that F5 is no more processing and SSLv3 OR TLS1.0/TLS1.1 traffic and only supporting TLS1.2.

 

Do we have any tool or website to test or how we can test it through F5 CLI if there is any way

5 REPLIES 5

Samir
Nacreous
Nacreous

There are many free tools available to validate application security.

Example: openssl is inbuild tool to initiate the connection with specific protocol (sslv1,tls1.0, etc), this will helpful if your application is only expose to internal/intranet network.

Other free one Qualys ssl test., This will helpful to initiate all typen of test infact browser compatibility.

https://www.ssllabs.com/ssltest/

Hope this will help.​

Rahul_Kaul
Cirrus
Cirrus

Hi Korai,

 

To test Ciphers you can use Wireshark to check the "Server Hello" as below to know F5 selected which ciphers from client cipher list negotiation or you can use a command in as below.

[root@lb2:Standby:In Sync] config # openssl s_client -cipher 'ECDHE-RSA-AES256-GCM-SHA384' -connect 192.168.148.184:443

 

0691T000008GtsHQAS.jpg

Cipher suites are configured per SSL Profiles(Client/Server), you need to type "TLSv1_2" in cipher strings as seen below to only support TLSv1_2 ciphers.

0691T000008GtrnQAC.jpg

 

You can also check via CLI by typing command to check TLSv1.2 support ciphers only as below.

[root@lb2:Standby:In Sync] config # tmm --clientcipher TLSv1_2

LowellF
Nimbostratus
Nimbostratus

testssl is good for testing without external access. https://testssl.sh

Jcooney-CH
Nimbostratus
Nimbostratus

Usually use nmap or openssl for internal sites and Qualys SSL Labs for external sites.

 

Sample NMAP Command

nmap -sV -p 443 --script ssl-cert,ssl-enum-ciphers <host>

 

References

https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

https://www.ssllabs.com/

 

 

Korai
Nimbostratus
Nimbostratus

Thanks, Let me see how its goes