Forum Discussion

Nimbostratus

Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...

Nimbostratus

Got this working fine a while ago using the above suggestions. I did run into a problem with killing certain versions of IE and Windows that I actually did want to support, so I ended up with the following as my cipher string which allowed me to support all of the OS/browser combos I wanted while also supporting PFS:

ECDHE+AES-GCM:NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:@SPEED

After doing this, setting up the iRule for HSTS, and renewing my cert with SHA-256 my site hit the "A+" mark with SSLLabs.

Steve_M__153836

Nimbostratus

Apr 28, 2015

Very cool on the A+. Thanks for the update. Can you elaborate on what versions of IE/Windows you had issues with and why? I know IE6 will obviously not work, but I'm interested to hear about other versions.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Enabling PFS

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Enable SAML Service Provider on F5 Distributed Cloud Application

Enabling F5 Distributed Cloud Fraud and Risk Solutions with ForgeRock Connector

Enable telnet on SSH

enable WebSocket profile.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS