Forum Discussion

Nimbostratus

Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...

Nimbostratus

Got this working fine a while ago using the above suggestions. I did run into a problem with killing certain versions of IE and Windows that I actually did want to support, so I ended up with the following as my cipher string which allowed me to support all of the OS/browser combos I wanted while also supporting PFS:

ECDHE+AES-GCM:NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:@SPEED

After doing this, setting up the iRule for HSTS, and renewing my cert with SHA-256 my site hit the "A+" mark with SSLLabs.

Steve_M__153836

Nimbostratus

Jun 30, 2015

AJ the GCM suites are only available starting with 11.5.0.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Enabling PFS

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Enable SAML Service Provider on F5 Distributed Cloud Application

Enable telnet on SSH

Enabling F5 Distributed Cloud Fraud and Risk Solutions with ForgeRock Connector

enable WebSocket profile.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS