tls protocol switching
1 TopicTLS protocol switching on F5
Hello Experts, I am looking for documents to understand the behavior of TLS version selection made by F5 in SSL handshake either sides. I would appreciate if someone can clarify on this : The scenario is if client connect to F5 using TLSv1.0, will F5 by default try to connect to server using TLSv1.0 as normal behavior ? What if server has TLSv1.0 disabled, only TLSv1.2 enabled. Will F5 retry connection to server by using TLSv1.2? Provided clientssl and serverssl are supporting all versions of TLS. Moreover, lets say if below are the settings in CLientssl and serverssl profile : !DEFAULT:!SSLv3:TLSv1:TLSv1_1:TLSv1_2 when i check the list of ciphers supported, i get below list : `@f5test:LICENSE EXPIRED] config tmm --serverciphers '!DEFAULT:!SSLv3:TLSv1:TLSv1_1:TLSv1_2' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA 1: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA 2: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 3: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 4: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 5: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 6: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 7: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 8: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 9: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 10: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA 11: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 12: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 13: 9 DES-CBC-SHA 64 TLS1 Native DES SHA RSA 14: 9 DES-CBC-SHA 64 TLS1.2 Native DES SHA RSA ` So along these, what will be selection sequence followed by F5 ?669Views0likes8Comments