TMOS script for updating SSL profile cipher group and TLS versions

Question

Hello,With 2024 just around the corner and many organizations aligning with NIST's SP 80052r2 guidelines, I need an efficient way to use TMOS to change my SSL profile settings. I have reviewed previous posts that go over the SSL profile creation process via TMOS, but I would like to edit my current existing profiles to be compliant with security policies.&nbsp;For example, let's say I have two SSL profiles test.com_sslprofile and test.org_sslprofile, and currently they use the f5-secure cipher group and have TLS 1.0, 1.1, 1.2 enabled and TLS 1.3 disabled. Do you know of any TMOS commands that I can use to update these SSL profiles to new settings that use the new_secure_cipher_group and disable TLS 1.0 and 1.1 and enable TLS 1.3?&nbsp;Thank you.

zamroni777 · Accepted Answer

the ssl profile commands are in here:https://clouddocs.f5.com/cli/tmsh-reference/latest/modules/ltm/ltm_profile_client-ssl.htmli suggest you install VE for testing the command

redadmin1972 · Answer

Thank you, this is the command that I have used to successfully update the cipher group for an SSL profile via tmsh:

tmsh modify ltm profile client-ssl <enter_ssl_profile_name> cipher-group <enter_cipher_group_name>

Forum Discussion

TMOS script for updating SSL profile cipher group and TLS versions

2 Replies

Recent Discussions

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

Related Content

Update your DevCentral user profile

TMOS Version Update Paths

Auditing Security Policy Updates

Clouddocs Updates

Set HTTP version