Forum Discussion

Nimbostratus

Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...

Employee

Apr 17, 2014

So I guess my question is: what are the cipher options I need to add/remove to enable PFS on a SSL client profile? or is there another way to get PFS going that I am missing?

i understand pfs is included since 11.2.1. you can display cipher suite list using tmm --clientciphers and tmm --serverciphers command.

Diffie-Hellman SSL key exchange cipher

The Diffie-Hellman SSL key exchange cipher, which provides perfect forward secrecy (PFS), is now included natively. This provides better performance for configurations using Diffie-Hellman, especially on physical platforms that have hardware SSL acceleration.

Release Note: BIG-IP LTM and TMOS 11.2.1

https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-1.htmlrn_new

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)