Forum Discussion

Sean_Gray_14855's avatar
Sean_Gray_14855
Icon for Nimbostratus rankNimbostratus
Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...
11.4
application delivery
LTM
security
ssl
JMart_143192's avatar
JMart_143192
Icon for Nimbostratus rankNimbostratus

Hello everyone,

I am trying to get the PFS enabled on my platform, I have the following profile enabled:

ltm profile client-ssl /Common/clientssl_HB_users {
        app-service none
        ca-file /Common/cert.crt
        cert /Common/cert_2015.crt
        ciphers DEFAULT:!COMPAT:ECDHE+AES:ECDHE+3DES:AES:3DES:!MD5:!EXPORT:!DES:!EDH:!RC4
        defaults-from /Common/clientssl
        key /Common/cert_2015.key
        options { dont-insert-empty-fragments no-sslv3 }
        renegotiation disabled

I'm getting and A- on SSL Test and I need to upgrade it, My platform is on version 11.4.1 HF 6. Could you help me to solutionate this? Thank you so much! Thank you so much.

JMart_143192's avatar
JMart_143192
Icon for Nimbostratus rankNimbostratus
Aug 14, 2015
Helo Steve M. Thank for your response! Yes my problem is with the FS (Forward Secrecy) it doesn't show an specific state more than "Forward Secrecy No WEAK" and it only shows me that I am not supporting FS for no one of the browsers I thought that the only thing that I see every site is that I have to put the ECDHE in the ciphers but it wasn't all for me. I don't know how can I improve this, Thank you so much