How to disable TLSv1.1

Question

HI All,&nbsp;
in SSL client ciphers TLSv1  is disabling TLSv1.0 but not TLSv1.1 , Can some one please let me know what should i add to disable TLSv1.1 ?&nbsp;

kevin_stewart · Answer

Add the following notation to your current cipher string in the SSL profile:
:!TLSv1.1

So that might look something like this:
DEFAULT:!TLSv1.1

hannes_rapp · Answer

You need to use an underscore instead of a dot, for example DEFAULT:!TLSv1_1 cipher string will work.
You can verify that :!TLSv1.1 doesn't work by executing the following: tmm --clientciphers 'DEFAULT:!TLSv1.1' (BigIP Bash shell).

hannes_rapp_162 · Answer

You need to use an underscore instead of a dot, for example DEFAULT:!TLSv1_1 cipher string will work.
You can verify that :!TLSv1.1 doesn't work by executing the following: tmm --clientciphers 'DEFAULT:!TLSv1.1' (BigIP Bash shell).

kevin_stewart · Answer

Good catch. ;)&nbsp;

kevin_stewart · Answer

Good catch. ;)&nbsp;

Forum Discussion

How to disable TLSv1.1

6 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

TLSv1.0 and TLSv1.1 disable in Device Certificate

Disable TLSv1.1

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites

Disable below cipher