Filter by:
  • Solution
  • Technology

answers

is TLS Version 1.1 Supported on Big IP

Updated 6/16/2010 • Originally posted on 16-Jun-2010 by nassahla 0

Hello All we have an some Terminal that needs to connect to one of our Front End Boxes, it is going to be using SSL, there appears to be a limitation for the Termnal to be able to connect using TLS 1.1 is this supported on the Big ip ltm either 3900 or 1600 i looked through the Profile ssl client i did not see anything like about ssl 1.1 ...
0
Rate this Question

Answers to this Question

12 Answers:

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jun-2010 • Originally posted on 17-Jun-2010 by hoolio 2066
TLS v1.1 is definitely supported on all LTM platforms and software versions. You can capture a tcpdump of the issue and then either use Wireshark with the SSL private key imported or ssldump to decrypt the trace and diagnose the issue. If you need any help capturing or analyzing the traces, you can search on AskF5 for tcpdump and ssldump, or open a case with F5 Support.

Aaron
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jun-2010 • Originally posted on 17-Jun-2010 by Chris Miller
Hoolio - I see there are options in the SSL profiles for disabling SSLv2, v3, TLSv1, etc...any idea why there isn't one for disabling TLSv1.1? I can't think of a reason you'd want to but I think it not being listed as an option probably contributes to confusion about it being usable.
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jun-2010 • Originally posted on 17-Jun-2010 by hoolio 2066
Sorry, I was being a numpty and was thinking of TLSv1--not TLSv1.1. I couldn't find any docs on support for TLSv1.1 and none of the clients (openssl, curl, etc) I can find support it to try testing. I'd hazard a guess that LTM might not support v1.1. You might try opening a support case with F5 to check on this. If you do, can you reply back here with what you find?

Thanks, Aaron
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jun-2010 • Originally posted on 17-Jun-2010 by nassahla 0
Thanks guys i was curious why there wasn't any reference to TLS 1.1, so by default if TLS 1.1 is presented to the LTM it will negotiate without the need for any Irule trick... ? ..
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jun-2010 • Originally posted on 17-Jun-2010 by nassahla 0
Awesome another good reason to migrate off the CSS 1100 We have, i have not set the environment on the LTM yet i am just in the process of selling the idea to management.. thanks again ..
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jun-2010 • Originally posted on 17-Jun-2010 by Jason Rahm
TLS versions 1.1 & 1.2 are not yet supported.
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 18-Jun-2010 • Originally posted on 18-Jun-2010 by hoolio 2066
Thanks for confirming Jason. nassahla, you could open a case with F5 Support to find out more on F5's plans to support TLSv1.1 and TLSv1.2 (once the spec is complete).

Aaron
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 20-Jun-2010 • Originally posted on 20-Jun-2010 by nassahla 0
I have begun the process i contacted our account rep, i will report back with the outcome... thanks...
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 22-Dec-2011 • Originally posted on 22-Dec-2011 by Mack Hanson 5
Is there any news regarding TLS 1.1 and 1.2 support? Is it already released? If so, please point me at an article describing how to deny TLS 1.0 and require TLS 1.1.
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 22-Dec-2011 • Originally posted on 22-Dec-2011 by nitass 12650
TLS 1.2 has been supported since10.2.3.

Release Note: BIG-IP LTM and TMOS version 10.2.3
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes-LTM-10-2-3.html

for TLS 1.1, initially we had no plan in supporting it. anyway, i am not sure about right now (after having BEAST).
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 27-Dec-2011 • Originally posted on 27-Dec-2011 by hoolio 2066
Yes, TLS 1.2 is supported as of 10.2.3 and 11.1. I believe TLS 1.1 support is on the roadmap for upcoming releases.

Aaron
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 05-Dec-2012 • Originally posted on 05-Dec-2012 by Jason Rahm
TLS 1.1 is supported in 11.2.1, possibly earlier
;