Forum Discussion
HI Hoang,
1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)
ANS: if you want to restrict to only TLS 1.1 and TLS 1.2 ciphers and disable use of TLS 1.0, then type the following command :
#tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1
#tmsh save sys config
#bigstart restart httpd
2) Reconfig Self-signed Certificate on Management Interface
Ans:
K42531434: Replacing the Configuration utility's self-signed SSL certificate with a CA-signed SSL certificate
https://support.f5.com/csp/article/K42531434
Hope this helps.
Let me know if you have any questions,
Nag
- Hoang_HungJun 15, 2020Cirrus
Hi
1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)
What happent if i use command: #tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1
#tmsh save sys config
#bigstart restart httpd
>> I think it will Impact all running service on F5 deivice. We on apply on Management Interface..
Please recommend to you.
2) Reconfig Self-signed Certificate on Management Interface
we only reconfig on Management interface.
> Plz help me
Thanks NAG