Forum Discussion
aalkhuja_160331
Cirrus
Feb 07, 2017Enable Forward Secrecy
Hi all
How to enable forward secrecy on a specific virtual server?
Thank you
Ammar
nathe
Cirrocumulus
Feb 07, 2017From Wikipedia
In Transport Layer Security (TLS), Diffie–Hellman key exchange-based PFSs (DHE-RSA, DHE-DSA) and elliptic curve Diffie–Hellman-based PFSs (ECDHE-RSA, ECDHE-ECDSA) are available.
To achieve this on the BIG-IP then you'll need to amend the Client SSL profile assigned to your virtual servers and prioritise Diffie-Hellman or Elliptic curve Diffie Hellman (or exclude all others of course). There is a lengthy DevCentral post here which will help you: Enabling PFS
Hope this helps,
N
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects