Forum Discussion

ramarao_362244's avatar
ramarao_362244
Icon for Nimbostratus rankNimbostratus
May 23, 2018

Irule to redirect traffic from TLSv1.0 to TLSv1.2 ?

Is there any way we can redirect the traffic from TLSv1.0 to TLSv1.2 in order to connect outside Database connection which accepts only TLSv1.2 connection .

 

4 Replies

  • Not Very much sure about iRule but can apply Client n Server SSL profile(SSL Bridge) to VIP and see if it works for you(

    NON Production only
    ).

  • f5_rock can you please explain or provide a document how it is done.. Thanks in Advance

     

    • Samir_Jha_52506's avatar
      Samir_Jha_52506
      Icon for Noctilucent rankNoctilucent

      Please try in Non-prod environment as I haven't validated so far.

       

      F5 Server SSL profile enables the BIG-IP system to initiate secure connections to your SSL servers by using a fully SSL-encapsulated protocol and providing configurable settings for managing server-side SSL connections.

       

      So, We will apply certificate on server and create two profile(Client n Server SSL) on F5. Make sure you will disable TLS1.0, SSLv1, SSLv2 on Server SSL profile.

       

      User --> VIP > Profiles > ClientSSL <--> ServerSSL > Server.

       

      Hope you understand me. Paste if any question.

       

  • Hi,

     

    Not sure about you meaning for redirect from TLS1.0 to TLS1.2. But normally if you configure the F5 as SSL Re-encryption. You can configure options list under client ssl profile by disable TLSv1.1, TLSv1.2 and leave the default for server ssl profile.