Forum Discussion
Kevin_Stewart
Feb 02, 2016Employee
None of the firmware versions specifically disable TLSv1.0 by default. As for modifying the default SSL profile, you're definitely correct that it isn't advisable, but certainly doable. An alternative would be to create a new client SSL profile and assign that as the parent (or explicit) SSL profile of each VIP. If that's untenable, and you're also not inclined to scripting, then modifying the default cipher string in the default SSL profile might not be a bad option after all.
Take a look at the following for guidance on what's provided, by default, in client SSL profile ciphers per version:
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html?sr=51244991