TLS1.3 failing on listen port


Article ID: 242557




CA API Gateway


10.0 CR 4 software gateway 

Enabling TLS 1.3 via Policy Manager (PM) on listen ports does not appear to function properly.

If TLS 1.2 is also enabled, clients connect with TLS 1.2. If only TLS 1.3 is enabled, clients fail to connect, and VIP (F5) probes also fail.

Tested with multiple TLS 1.3-compatible browsers.



Release : 10.0

Component : API GATEWAY


Ensure that the following cipher suites are enabled when the TLS 1.3 option is selected:

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256

TLS 1.3 was added in CR3 for Gateway 10, which is why the documentation says to enable the two ciphers. New features are not added to existing objects; if you were to create a new listening port for SSL, these ciphers would be enabled.

Going forward, in Gateway 10.1, the default configuration of the ports and of new ports created for SSL has TLS 1.2 and 1.3 checked and all the ciphers enabled.
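The behaviour described above follows from TLS 1.3 using its own cipher suites, separate from the TLS 1.2 ones. The following added example (not Broadcom code) audits a listen port's checked protocols against its enabled suites and can probe a live port with a TLS 1.3-only handshake. The function names, the `TLSv1.2`/`TLSv1.3` labels and the sample configurations are assumptions, and the configuration is typed in by hand rather than read from the gateway.

```python
import socket
import ssl

# TLS 1.3 suites defined in RFC 8446; the article names the first two.
TLS13_SUITES = {
    "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}

def usable_versions(protocols, ciphers):
    """Versions a listener can really negotiate: a checked protocol
    only works if at least one suite for that protocol is enabled."""
    has_13 = any(c in TLS13_SUITES for c in ciphers)
    has_legacy = any(c not in TLS13_SUITES for c in ciphers)
    return [v for v in protocols
            if (has_13 if v == "TLSv1.3" else has_legacy)]

def audit_listener(name, protocols, ciphers):
    """Explain what clients will experience on one listen port."""
    usable = usable_versions(protocols, ciphers)
    if "TLSv1.3" in protocols and "TLSv1.3" not in usable:
        outcome = (f"clients fall back to {', '.join(usable)}" if usable
                   else "every handshake fails")
        return f"{name}: TLS 1.3 checked, no TLS 1.3 suite enabled; {outcome}"
    return f"{name}: negotiable versions: {', '.join(usable) or 'none'}"

def probe_tls13(host, port, timeout=5.0):
    """Offer only TLS 1.3 to a live listener; return the negotiated
    suite name, or None if the handshake or connection fails."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except ssl.SSLCertVerificationError:
        raise  # trust problem, not a protocol problem: surface it
    except (ssl.SSLError, OSError):
        return None

if __name__ == "__main__":
    # Constructed configurations; the legacy suite stands in for a pre-CR3 port.
    legacy = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
    fixed = legacy + ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"]
    print(audit_listener("old port, 1.2+1.3", ["TLSv1.2", "TLSv1.3"], legacy))
    print(audit_listener("old port, 1.3 only", ["TLSv1.3"], legacy))
    print(audit_listener("after fix, 1.3 only", ["TLSv1.3"], fixed))
```

After enabling the two suites on an existing port, `probe_tls13` run against that port should return one of them instead of `None`.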