Forum Discussion

Sean_Gray_14855

Icon for Nimbostratus rank

Nimbostratus

Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket with f5 support and they just point me to various devcentral discussions that don't have the detail I need.

So I guess my question is: what are the cipher options I need to add/remove to enable PFS on a SSL client profile? or is there another way to get PFS going that I am missing?

Thanks!

application delivery

Rahul_Kaul
Cirrus
Feb 12, 2020
We have to enable only ciphers having "DHE" as Diffie-Hellman Ephemeral (DHE) key exchange method provides Perfect Forward Privacy. https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/big-ip-system-ssl-traffic-management-14-1-0-1/10.html

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming