NimbostratusHi all i'm running F5 LTM VE 12.0 and i'm wondering how do i know if TLS 1.0 is enabled for my ssl client and server profiles. I left most config as default except the certs.
NimbostratusHi, you can find the default cipher list in the link which is https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html
If you have question, i want to help you
NimbostratusIn BigIP BASH shell:
tmm --clientciphers "DEFAULT"
tmm --serverciphers "DEFAULT"
If any lines of the output include PROT = TLS1, it's enabled, otherwise not.
(SSL handshake check with cURL)
curl -k --tlsv1 https://somesite.com
If output contains cURL (35) error code, TLSv1 is not available.
AltostratusOne caveat for this: make sure to enclose the cipher string in single quotes if it has an exclamation point in it. SOL15194 has a great deal more info.
CirrostratusYou can always verify by using nmap against one of your virtual servers using the SSL profile in question.
Download NMAP Then run:
nmap --script ssl-enum-ciphers -p 443 www.mysite.com
-p indicates the port the server is listening on. You can point it to a FQDN for an ip address.