Forum Discussion
The title is misleading, it shouldn't be redirect, but something like, Client traffic 1.0 and server sider traffic on tls1.2.
Also, remember there's no point of forcing tls1.0 on clientside when the client can/may communicate on tls1.2.
tls1.0 has vulnerabilities, so unless there's a real reason, you shouldn't be using it. If the clients are upstreams to your VS, then you should take effort in remediating the upstreams to communicate in tls1.2, not the otherway around. This puts risk in the environment.
The default clientssl & serverssl support all tls versions, so I'd say you build your custom clientssl profile and simply put defaults-from to clientssl, so even if tls1.0 clients come, they'll be allowed and if of higher version come, they'd still be sent. This requires you to understand your requirement and build the setup.
On the serverside, the detault serverssl would suffice. It will communicate on tls1.2.