Forum Discussion
3 Replies
- NAGCirrostratus
HI Hoang,
1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)
ANS: if you want to restrict to only TLS 1.1 and TLS 1.2 ciphers and disable use of TLS 1.0, then type the following command :
#tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1
#tmsh save sys config
#bigstart restart httpd
2) Reconfig Self-signed Certificate on Management Interface
Ans:
K42531434: Replacing the Configuration utility's self-signed SSL certificate with a CA-signed SSL certificate
https://support.f5.com/csp/article/K42531434
Hope this helps.
Let me know if you have any questions,
Nag
- Hoang_HungCirrus
Hi
1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)
What happent if i use command: #tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1
#tmsh save sys config
#bigstart restart httpd
>> I think it will Impact all running service on F5 deivice. We on apply on Management Interface..
Please recommend to you.
2) Reconfig Self-signed Certificate on Management Interface
we only reconfig on Management interface.
> Plz help me
Thanks NAG
- NAGCirrostratus
Hi Hoang,
>> I think it will Impact all running service on F5 deivice. We on apply on Management Interface..
Please recommend to you
ANS: It will not impact all the services. It only applies to management GUI interface(configuration Utility) which is accessed via HTTPS.
Here is the documentation from F5 your conformation.
https://clouddocs.f5.com/training/community/public-cloud/html/class4/module2/mgmt-cipher.html
>> we only reconfig on Management interface.
May be you are thinking Configuration utility and Management Interface are 2 different things. F5 calls Management interface as Configuration utility.
"Configuration utility = Management Interface"
Therefore, following article is for management interface.
K42531434: Replacing the Configuration utility's self-signed SSL certificate with a CA-signed SSL certificate
https://support.f5.com/csp/article/K42531434
Hope this helps.
Thank you
Nag