Forum Discussion
NimbostratusCan't add ECDHE cipher in version 11.3.0
Hi all,
I'm trying to add PFS support but when trying to follow the document "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html?sr=36739985" and add the command "tmsh create /ltm profile client-ssl ciphers DEFAULT:ECDHE:ECDHE_ECDSA:DHE_" I get the following error: invalid keyword.
In addition, when adding only "DEFAULT:ECDHE" and checking using the command "tmm --clientciphers ECDHE" i get nothing:
[admin@lb01:Active:Changes Pending] ~ tmm --clientciphers ECDHE ID SUITE BITS PROT METHOD CIPHER MAC KEYX
Can you please assist?
Thanks Eli
5 Replies
Hannes_RappECDHE is unavailable in v11.3. At least v11.4 is required for any ECDHE cipher suites.
eli1234_26783Thank you! That's weird the document clearly specifies 11.0.0 through 11.4.1.
- Brad_Parker
Cirrus
Here is the list of ciphers in each version. https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html . The document you are referring to does not say ECDHE is supported in 11.0.0 through 1.4.1. EDH is, but that is not ECDHE. EDH is ephemeral Diffie-Hellman using RSA keys vs ECDHE is ephemeral Diffie-Hellman using EC(eliptical curve) keys.
- Kevin_Stewart
Employee
This is a better reference: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html
ECHDE support doesn't come until 11.4.0
- eli1234_26783
Thanks guys :)
