Hoang_Hung
Jun 15, 2020

Disable TLS version 1.0 and Reconfigure Self-signed Certificate on Management Interface

Hi all

We are using F5 running in HA mode.

After checking the security recommendations for PCI DSS V3.2, we have 2 errors:

  1. Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)
  2. Reconfigure Self-signed Certificate on Management Interface

Please help me configure these 2 issues.

 

Thanks all

Hung Hoang

3 Replies

  • NAG
    Cirrostratus

    Hi Hoang,

     

    1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)

     

    ANS: If you want to restrict to only TLS 1.1 and TLS 1.2 ciphers and disable use of TLS 1.0, then type the following commands:

    #tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1

    #tmsh save sys config

    #bigstart restart httpd

     

    2) Reconfigure Self-signed Certificate on Management Interface

     

    Ans:

    K42531434: Replacing the Configuration utility's self-signed SSL certificate with a CA-signed SSL certificate

    https://support.f5.com/csp/article/K42531434

     

    Hope this helps.

     

    Let me know if you have any questions,

    Nag

     

     

    • Hi  

      1) Disable TLS 1.0 Protocol Detection on Management Interface (using HTTPS)

      What happens if I use the command: #tmsh modify /sys httpd ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1

      #tmsh save sys config

      #bigstart restart httpd

      >> I think it will impact all running services on the F5 device. We only apply on the Management Interface.

      Please give your recommendation.

      2) Reconfigure Self-signed Certificate on Management Interface

      We only reconfigure on the Management interface.

      > Please help me

       

      Thanks NAG

  • NAG
    Cirrostratus

    Hi Hoang,

     

    >> I think it will impact all running services on the F5 device. We only apply on the Management Interface.

    Please give your recommendation.

     

    ANS: It will not impact all the services. It only applies to the management GUI interface (Configuration utility), which is accessed via HTTPS.

     

    Here is the documentation from F5 for your confirmation.

    https://clouddocs.f5.com/training/community/public-cloud/html/class4/module2/mgmt-cipher.html

     

    >> We only reconfigure on the Management interface.

     

    Maybe you are thinking the Configuration utility and the Management Interface are 2 different things. F5 calls the Management interface the Configuration utility.

     

    "Configuration utility = Management Interface"

     

    Therefore, the following article is for the management interface.

    K42531434: Replacing the Configuration utility's self-signed SSL certificate with a CA-signed SSL certificate

    https://support.f5.com/csp/article/K42531434

     

     

    Hope this helps.

    Thank you

    Nag
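
Added example, not part of the thread or of F5's documentation: a check to run from an admin workstation after the `tmsh` commands in the first reply, confirming that the management HTTPS port no longer completes a TLS 1.0 handshake. The host name `bigip-mgmt.example.com` and the names `probe` and `audit` are placeholders chosen for this sketch.

```python
import socket
import ssl
import sys
import warnings

VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def probe(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to `version` and classify the outcome."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol test only; the cert may be self-signed
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
        # OpenSSL 3 refuses to offer TLS 1.0/1.1 above security level 0.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return "unsupported-locally"   # this client cannot speak the version at all
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"
    except OSError:                    # ssl.SSLError is a subclass of OSError
        return "refused"
    finally:
        sock.close()

def audit(host, port=443):
    """Map each version name to its probe result."""
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "bigip-mgmt.example.com"  # placeholder
    results = audit(target)
    for name, outcome in results.items():
        print(f"{name}: {outcome}")
    sys.exit(1 if results["TLSv1.0"] == "accepted" else 0)
```

A result of `unsupported-locally` means the workstation's own OpenSSL build cannot offer that version, so the probe says nothing about the BIG-IP and should be repeated from another client.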