Forum Discussion

Greg_Black
Apr 18, 2018

iRule for TLS 1.0 to 1.1?

Ok Guys... I have a question that is going to be sort of complex to ask so bear with me. :)

 

I have an F5 BigIP LTM running 12.1.3. I currently have all of my VIPs set up to use TLS 1.1 or greater...TLS1.0 has been disabled for all VIPs. We have an old Linux server that is in the process of being replaced, just not yet (CentOS). This Linux server is a Send Mail device set up in our F5, but it appears it is still using TLS1.0. One of our customers is very concerned about it, since their PCI compliance is based on them NOT using TLS1.0. Is there any way for me to set up an iRule or do something in the F5 to allow TLS1.1 and disable 1.0? Sorry, I wasn't sure how else to ask this...

 

I'm certain I left something out that needs to be known, so if you have any questions about the F5 setup please ask away.

 

Thank you for any assistance and moreover your time!

 

Greg (F5 Noob)

 

3 Replies

  • Ok, so here is what I ended up doing.

     

    I created a new VIP using the customer's outside IP address (MXToolbox) but confirmed it with them and got their subnet prefix as well. Used port 25 and then for client SSL I used the one we have in play with our cipher disabling TLS1.0. After configuring all this, I tested with the customer and all is set. It turned out to be very simple.
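
One way the setup described in this reply could look in tmsh, added here as an illustration and not taken from the poster's configuration. All object names, addresses and the pool are hypothetical placeholders, and using the customer's prefix as the virtual server's source filter is an assumption about what the reply means:

```tmsh
# Added example, not the poster's configuration.
# Names and addresses are placeholders (RFC 5737 documentation ranges
# for the public side, a made-up private address for the mail server).

# Pool containing the legacy mail server behind the BIG-IP.
create ltm pool smtp_legacy_pool members add { 10.0.0.25:25 }

# Client SSL profile that refuses TLS 1.0 on the client side.
# Certificate and key are inherited from the parent profile here;
# point them at the real pair before use.
create ltm profile client-ssl clientssl_no_tls10 defaults-from clientssl options { dont-insert-empty-fragments no-tlsv1 }

# Dedicated port 25 virtual server for the one customer, restricted to
# their prefix and terminating TLS with the profile above.
create ltm virtual vs_smtp_customer destination 192.0.2.25:25 source 198.51.100.0/24 ip-protocol tcp pool smtp_legacy_pool profiles add { tcp { } clientssl_no_tls10 { context clientside } }

# Review what was created, then persist it.
list ltm profile client-ssl clientssl_no_tls10 options
list ltm virtual vs_smtp_customer
save sys config
```

Because TLS is terminated by the client SSL profile, the protocol version the customer negotiates is decided by the BIG-IP, regardless of what the legacy server itself supports.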