Virtual Service TLS version

Hi,

Are you able to enable TLS1.0 en TLS1.1 on a running Virtual Service? Before we only allowed TLS1.2 and TLS1.3, for a test we want to enable TLS1.0 en TLS1.1. But SSL Labs states that TLS1.0 and TLS1.1 are not enabled on the server. Are the configuration changes active immediately, or does time need to pass by?

Thanks in advance. 

0

5 comments

Avatar

Nick Smylie

Hi @networking,

If you are SSL offloading you can select the TLS versions inside the the VS under SSL properties, screenshot attached.  If you are not SSL offloading the TLS versions will be coming from your server and have nothing to do with the LoadMaster.

0

Avatar

Vebego Germany

Hi Nick, 

SSL Offloading is configured, look at the screenshot below. The certificates are also installed. 

 

SSL Labs shows the following configuration: 

 

Any idea why it is says that TLS 1.1 and TLS 1.0 are not configured?

 

Thanks in advance!

0

Avatar

Nick Smylie

Hi,

Hard to say honestly.  It takes effect immediately.  Dumb question, but you are doing the SSL test on the right VIP correct?  Are you able to make more drastic changes and perhaps turn off TLS1.3 and see if the test picks that up?

0

Avatar

Vebego Germany

Hi,

 

Turning off TLS1.3 is effective immediately. Maybe TLS1.0 and TLS1.1 get disabled when TLS1.2 and TLS1.3 are active? When I disable both TLS1.2 and TLS1.3, the website is not available. So maybe that's why SSL Labs is shows that 1.0 and 1.1 are turned off.  

0

Avatar

Nick Smylie

Hi,

I am going to have someone reach out to you and open up a support case for you.  Would be best that way.

0

Please to leave a comment.

Didn't find what you were looking for?