Keeping TLS Secure

Written by Stephen Mellon

5th February 2020

< 1 min read

TLS 1.0 and TLS 1.1 are to be deprecated this month by Chrome, and by March for other major browsers. After this, users will start getting Secure Connection Failed error messages and will not be connected. In line with this, we recommend disabling TLS 1.0 and TLS 1.1 cipher suites on the F5 for increased security and prevent client-side errors.

For the latest in TLS security, we recommend activating TLS 1.3 on all of your services. TLS 1.3 deprecates legacy encryption algorithms and removes insecure cipher suites. This includes SHA-1, RC4, DES, 3DES, AES-CBC and MD5 which have all been dropped by the latest version of the protocol. This makes TLS 1.3 more secure than older versions which are vulnerable in certain situations. TLS 1.3 has now been supported by all major browsers for several recent software versions.

F5 Big-IP supports TLS 1.3 from TMOS and above. After upgrading to these versions, TLS 1.3 cipher suites are included in the DEFAULT client ciphers. 

Check Out These Related Posts