For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sean_Gray_14855's avatar
Sean_Gray_14855
Icon for Nimbostratus rankNimbostratus
Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...
11.4
application delivery
LTM
security
ssl
sjon_195224's avatar
sjon_195224
Icon for Nimbostratus rankNimbostratus
Apr 28, 2015

Hey, I'm running into the same obsolete error message. Running 11.5.1, I tried your last suggestion of the following in the profile cipher list...... AES-GCM+HIGH:ECDHE+HIGH:HIGH:@STRENGTH:!RSA:!SSLV3

 

and this also didn't resolve.

 

Steve_M__153836's avatar
Steve_M__153836
Icon for Nimbostratus rankNimbostratus
May 04, 2015
Good to hear. I'm interested to know what the devs come back with in terms of browser compatibility using just that cipher suite. I was able to reproduce your issue. I think the problem is that my initial cipher suite order that I posted didn't support any AES-GCM cipher suites that were 128-bit and I think browsers are still going after the 128-bit ciphers. Just a guess, but I think that's it. Once I tweaked it to allow a 128-bit AES-GCM cipher towards the top it used the GCM cipher suite. I used AES-GCM+ECDHE:NATIVE:!ADH:!DHE:!RSA