Forum Discussion
Brad_Parker
Jan 20, 2016Cirrus
If I read your question right you are wanting to disable TLSv1 to the device's management interface itself, correct? If that is the case, you can not disable TLSv1 just yet. While technically you could by altering the cipher string with
tmsh modify sys httpd ssl-ciphersuite
, this causes issues with iControl and possibly iQuery since the version of modSSL currently doesn't support TLSv1.1+. I found this myself when we tried to disable TLSv1.
Luckily in 12.0 HF1 that has now been pacthed and you can change the allowed SSL version to disable TLSv1 appropriately using
tmsh modify sys httpd ssl-protocol 'all -SSLv2 -SSLv3 -TLSv1'
.