Forum Discussion

Nimbostratus

12 years ago

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...

Nimbostratus

11 years ago

Hey, I'm running into the same obsolete error message. Running 11.5.1, I tried your last suggestion of the following in the profile cipher list...... AES-GCM+HIGH:ECDHE+HIGH:HIGH:@STRENGTH:!RSA:!SSLV3

and this also didn't resolve.

Steve_M__153836

Nimbostratus

11 years ago

Good to hear. I'm interested to know what the devs come back with in terms of browser compatibility using just that cipher suite. I was able to reproduce your issue. I think the problem is that my initial cipher suite order that I posted didn't support any AES-GCM cipher suites that were 128-bit and I think browsers are still going after the 128-bit ciphers. Just a guess, but I think that's it. Once I tweaked it to allow a 128-bit AES-GCM cipher towards the top it used the GCM cipher suite. I used AES-GCM+ECDHE:NATIVE:!ADH:!DHE:!RSA

Forum Discussion

Enabling PFS

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

Building digital resilience to enable digital sovereignty

AI-Enabled Risk Scoring Helps Reduce Risks

enable WebSocket profile.

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions