Forum Discussion
Hannes_Rapp
Mar 04, 2016Nimbostratus
Append +TLSv1 to your clientssl Cipher configuration. This will move all TLSv1.0 cipher suite combinations to the end of the list (least preferred).
I.e:
DEFAULT:+TLSv1
- justin_westove1Mar 04, 2016NimbostratusAwesome thanks! Is this documented somewhere? I looked and couldn't find an article on this.
- justin_westove1Mar 04, 2016NimbostratusSo after I made the change you suggested to the clientssl default cert on the F5 I executed the tmm --clientcipher DEFAULT command and got the following: 0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 EDH/RSA 1: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 EDH/RSA 2: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA 3: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA 4: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA Line 2 is the most important in this output, tlsv1 still has priority over tls1.1 or 1.2. Thoughts?