Forum Discussion
Anthony_Epron
Oct 14, 2015Nimbostratus
Disable forward secrecy for a SSL Profile
Hi,
I want disable forward secrecy in a client SSL profile.
How i can do that ?
Thanks.
Kevin_Stewart
Oct 14, 2015Employee
EDH and DHE are confusingly synonymous, and naming is completely dependent on the cipher engine. If you look at the supported ciphers on the BIG-IP:
tmm --clientciphers 'ALL'
You won't see EDH, but you will see DHE. But to your question, EDH and DHE are both the same thing and therefore ephemeral (perfect forward secret). And since the BIG-IP's crypto engine doesn't call it EDH you just need to remove DHE (and ECDHE) from the available ciphers.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects