Forum Discussion

Nimbostratus

Feb 02, 2016

how to disable all weak ciphers and tlsv1 in ltm11.5.3 globally

it is not advisable to modify the default ssl profile, however if we would really need to disable all weak ciphers and tlsv1 protocol globally for all virtual servers, please advise beside creating a...

LTM

security

Hannes_Rapp_162

Nacreous

The default cipher suite in 11.5.3 is already sufficient to comply with current PCI DSS 3.0 requirements. Leaving the paranoid security-guru suggestions aside, there's nothing wrong with using the DEFAULT of 11.5.3 today.

Config related:

Your only sensible option for applying a new global configuration is to create a new clientside SSL profile (i.e. clientssl_custom) which you will then re-use as the

Parent Profile

when creating you custom clientssl profiles.

Chase_Abbott

Employee

Mar 31, 2017

And: https://devcentral.f5.com/s/articles/security-sidebar-improving-your-ssl-labs-test-grade

¬†

But related for newer versions.

¬†

Forum Discussion

how to disable all weak ciphers and tlsv1 in ltm11.5.3 globally

Recent Discussions

Open Redirection Mitigation

Azure DP-100 Exam Questions

GTM Packet Capture command

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Related Content

GITEX Global 2023 in Dubai - DevCentral Visits

Global Log Receiver

Disabling Weak Ciphers

Solving for true-source IP with global load balancers in Google Cloud

Disabling Specific Weak Cipher Suites