Forum Discussion
Sean_Gray_14855
Nimbostratus
NimbostratusEnabling PFS
Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket wi...
james_lee_31100Nimbostratus
NimbostratusHello:
I have following cert
Common name: landing.XXXX.com SANs: landing.XXXX.com Organization: XXXX Inc. Location: XXXX, Illinois, US Valid from September 4, 2015 to December 3, 2018 Serial Number: 1356153356 (0x50d5420c) Signature Algorithm: sha256WithRSAEncryption Issuer: Entrust Certification Authority - L1K
Common name: Entrust Certification Authority - L1K
Organization: Entrust, Inc. Location: US Valid from October 10, 2014 to October 10, 2024 Serial Number: 1372455166 (0x51ce00fe) Signature Algorithm: sha256WithRSAEncryption Issuer: Entrust.net Certification Authority (2048)
Common name: Entrust.net Certification Authority (2048)
Organization: Entrust.net Valid from December 24, 1999 to July 24, 2029 Serial Number: 946069240 (0x3863def8) Signature Algorithm: sha1WithRSAEncryption Issuer: Entrust.net Certification Authority (2048)
cipher suite as following ECDHE+AES:ECDHE+3DES:RSA+3DES:!SSLv2:!SSLv3:!MD5:!EXPORT:!RC4
Latest version of Chrome: 45.0.2454.85 (64-bit)
Chrome complains following:
Your connection to landing.sirva.com is encrypted using an obsolete cipher suite. Further, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
The connection uses TLS 1.2.
The connection is encrypted using AES_256_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism.
james_lee_31100Nimbostratus
Nimbostratusthanks Steve.. use your suggestion, fixed it
AES-GCM+ECDHE:NATIVE:!RC4:!ADH:!DHE:!EXP:!LOW:!SSLv2:!SSLv3