Forum Discussion

Nimbostratus

Jan 19, 2016

need to disable TLSv1.0 support on GTM 4000 running 11.5.3

I have a security requirement to disable SSLv3, RC4, and TLSv1.0 on my GTM 4000 device. I have the SSLv3 and RC4 requirements met, but in testing I can still access the web console with a browser tha...

LTM

security

Brad_Parker

Cirrus

Jan 20, 2016

If I read your question right you are wanting to disable TLSv1 to the device's management interface itself, correct? If that is the case, you can not disable TLSv1 just yet. While technically you could by altering the cipher string with

tmsh modify sys httpd ssl-ciphersuite

, this causes issues with iControl and possibly iQuery since the version of modSSL currently doesn't support TLSv1.1+. I found this myself when we tried to disable TLSv1.

Luckily in 12.0 HF1 that has now been pacthed and you can change the allowed SSL version to disable TLSv1 appropriately using

tmsh modify sys httpd ssl-protocol 'all -SSLv2 -SSLv3 -TLSv1'

Forum Discussion

need to disable TLSv1.0 support on GTM 4000 running 11.5.3

Recent Discussions

snmp automatic stop mail send

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

(How) can I get two client certificates in one APM session?

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Related Content

TLSv1.0 and TLSv1.1 disable in Device Certificate

Support and Help for DevCentral and Offline Contact

Cipher Suites Supported (12.1.5.3)

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Disabling Weak Ciphers