What is the TMSH command to uncheck an option in a child profile?

Not sure David but here is the TMSH Reference Guide. A downloadable PDF so you can search commands:

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmsh-reference-12-0-0.html

This is for v12 but other versions are available. Search TMSH () and under Filter results by document type: click Manual.

Hope that helps,

ps

Thanks for the response, Peter!

I did see the options there, and tried the "none" setting. However, it appears that it still doesn't return to the settings in the parent profile. It sets it to "none", which is not the desired results. I would expect the right command to delete the entry as it isn't displayed until modified.

Thanks!

Additionally, I tried the edit command, and simply deleted the ciphers line. My expectation being it would be removed. However, it was left in place with a lower case "default". Given the actual default is DEFAULT, I am assuming that is the list of CIPHERs implemented after that change. It seems only unchecking it in the GUI makes it use the CIPHERS listed in the parent profile, and returning all the tmsh output back to the original state.

Thanks again!

Try

tmsh modify ltm profile client-ssl NAME ciphers default-value

Apparently not in version 11.5.3, so perhaps an upgrade to version 11.6.0 or later (which does support the "default-value" operand) should also be in in your plans. Actually, I'd recommend going to 11.6.1 along with its most recent hotfix rollup upgrade.