Forum Discussion
Hannes_Rapp
Oct 10, 2016Nimbostratus
- (Config check method) Replace DEFAULT with the actual cipher string in your clientssl profile (or serverssl profile)
In BigIP BASH shell:
tmm --clientciphers "DEFAULT"
tmm --serverciphers "DEFAULT"
If any lines of the output include PROT = TLS1, it's enabled, otherwise not.
-
(SSL handshake check with cURL)
curl -k --tlsv1 https://somesite.com
If output contains cURL (35) error code, TLSv1 is not available.
- In case of publicly available web-sites, you can use many of the available online SSL-checkers (https://www.digicert.com/help, Qualys, Symantec...)
- Josh_Jacobson_4Oct 10, 2016Altostratus
One caveat for this: make sure to enclose the cipher string in single quotes if it has an exclamation point in it. SOL15194 has a great deal more info.