Forum Discussion

aalkhuja_160331

Cirrus

Feb 07, 2017

Enable Forward Secrecy

Hi all How to enable forward secrecy on a specific virtual server? Thank you Ammar

application delivery

LTM

nathe

Cirrocumulus

Feb 07, 2017

From Wikipedia

In Transport Layer Security (TLS), Diffie–Hellman key exchange-based PFSs (DHE-RSA, DHE-DSA) and elliptic curve Diffie–Hellman-based PFSs (ECDHE-RSA, ECDHE-ECDSA) are available.

To achieve this on the BIG-IP then you'll need to amend the Client SSL profile assigned to your virtual servers and prioritise Diffie-Hellman or Elliptic curve Diffie Hellman (or exclude all others of course). There is a lengthy DevCentral post here which will help you: Enabling PFS

Hope this helps,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Enable Forward Secrecy

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Need F5 iRules Consultant - HTTP Header Manipulation Issues

Ssl profile different in case of retry

WebSocket connection to 'wss://...' failed: Invalid frame header

L7DoS Profile does not show baseline traffic.

Checkpoint Web Smartconsole behind reverse proxy.

Related Content

Lightboard Lessons: Perfect Forward Secrecy

Lightboard Lesson: Perfect Forward Secrecy Inspection Visibility

Heartbleed and Perfect Forward Secrecy

Bleichenbacher vs. Forward Secrecy: How much of your TLS is still RSA?

Lightboard Lessons: Unexpected Side Effects of Perfect Forward Secrecy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS