For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sean_Gray_14855

Icon for Nimbostratus rank

Nimbostratus

Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...

application delivery

Sean_Gray_14855

Icon for Nimbostratus rank

Nimbostratus

Apr 28, 2015

Got this working fine a while ago using the above suggestions. I did run into a problem with killing certain versions of IE and Windows that I actually did want to support, so I ended up with the following as my cipher string which allowed me to support all of the OS/browser combos I wanted while also supporting PFS:

ECDHE+AES-GCM:NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:@SPEED

After doing this, setting up the iRule for HSTS, and renewing my cert with SHA-256 my site hit the "A+" mark with SSLLabs.

Steve_M__153836

Icon for Nimbostratus rank

Nimbostratus

Jun 30, 2015

AJ the GCM suites are only available starting with 11.5.0.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5