Forum Discussion
Kevin_Stewart
Oct 14, 2015Employee
EDH and DHE are confusingly synonymous, and naming is completely dependent on the cipher engine. If you look at the supported ciphers on the BIG-IP:
tmm --clientciphers 'ALL'
You won't see EDH, but you will see DHE. But to your question, EDH and DHE are both the same thing and therefore ephemeral (perfect forward secret). And since the BIG-IP's crypto engine doesn't call it EDH you just need to remove DHE (and ECDHE) from the available ciphers.