Unable to limit Configuration utility access to clients using only TLSv1.1 or TLSv1.2

Information

You are unable to limit Configuration utility access to clients that are configured to use only TLSv1.1 or TLSv1.2.

This issue occurs when all of the following conditions are met:

You attempt to limit Configuration utility access to TLSv1.1 or TLSv1.2 using one of the following Traffic Management Shell (tmsh) commands:

tmsh modify sys httpd ssl-protocol 'TLSv1.1'
tmsh modify sys httpd ssl-protocol 'TLSv1.2'
tmsh modify sys httpd ssl-protocol 'TLSv1.1 TLSv1.2'
tmsh modify sys httpd ssl-protocol 'ALL -TLSv1 -SSLv2 -SSLv3'

Solution

1. tmsh modify sys httpd ssl-protocol 'ALL -SSLv2 -SSLv3'

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-10, CAT|II, CCI|CCI-000054, Rule-ID|SV-74521r2_rule, STIG-ID|F5BI-DM-000003, Vuln-ID|V-60091

Plugin: F5

Control ID: da756150fa100c21aabf12c8b6ae868e9ac034b8e581d4f3e35719faf7c5d73c