Korai_331784
Jan 08, 2019

F5 SSL Profile

Hi,

I am working on F5 vulnerabilities and need to disable older SSL/TLS versions and enable only TLS 1.2. I have an SSL profile but can see the "All Option disabled" setting, so what does this mean?

As far as I know, we can disable or enable selected ones from this setting, but what happens if we have All option disabled? Will the older SSL/TLS versions still be working with this setting?

8 Replies

  • Is the SSL client profile assigned to a virtual server? If it is not assigned, then there is no use for the SSL client profile. To enable only TLS 1.2, you can modify the ciphers accordingly and apply to the virtual server. What F5 version are you running?

    • Korai_331784

      Hi,

      Yes, we have a client SSL profile, as F5 is working as a full proxy, so there are two SSL profiles: one for the client and one for the server.

      We are running version 10.2 and will upgrade soon.

  • Try adding the ciphers below to the SSL client profile and test it.

    TLSv1_2:!DES:!3DES:!RC4:!ADH

    • Korai_331784

      Hi, thanks.

      But the cipher above has TLSv1, which we don't need to allow.

      But what if I select No SSLv1, No SSLv2 and No SSLv3, and similarly No TLSv1.0 and No TLSv1.1, under the enabled options?

      Will this do the same trick, or do I still need to change the ciphers?
