For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sean_Gray_14855's avatar
Sean_Gray_14855
Icon for Nimbostratus rankNimbostratus
Apr 17, 2014

Enabling PFS

Hi everyone, I've been trying to get PFS enabled on my LTM (ver 11.4.1) and am running into a blocker. I've tried various cipher string options and have no luck so far. I've also opened a ticket with f5 support and they just point me to various devcentral discussions that don't have the detail I need.

 

So I guess my question is: what are the cipher options I need to add/remove to enable PFS on a SSL client profile? or is there another way to get PFS going that I am missing?

 

Thanks!

 

11.4
application delivery
LTM
security
ssl

53 Replies

Show More
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 18, 2014

    I'm still trying to get SSL Labs to confirm PFS is enabled and am unsuccessful.

    if you want pfs, why don't you specify only ECDHE (e.g. ECDHE)?

    by the way, isn't it clientcipher (clientssl profile)?

    [root@ve11a:Active:In Sync] config  tmm --clientcipher ECDHE
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
 2: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA
 3: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
 4: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
 5: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1    Native  DES     SHA     ECDHE_RSA
 6: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.1  Native  DES     SHA     ECDHE_RSA
 7: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.2  Native  DES     SHA     ECDHE_RSA
 8: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 9: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
10: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA
11: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
12: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA
    • Steve_M__153836's avatar
      Steve_M__153836
      Icon for Nimbostratus rankNimbostratus
      Apr 27, 2015
      Check this out: https://www.chromium.org/Home/chromium-security/education/tlsTOC-Deprecation-of-TLS- Features-Algorithms-in-Chrome. ~~~ "Obsolete Cipher Suites You may see: “Your connection to example.com is encrypted with obsolete cryptography.” This means that the connection to the current website is using an outdated cipher suite (which Chrome still allows if the server insists on it). In order for the message to indicate “modern cryptography”, the connection should use the latest version of TLS with forward secrecy and a good (authenticated) cipher. As of mid-2015, the latest version of TLS is 1.2 and the only ciphers that Chrome considers modern are GCM or CHACHA20_POLY1305." ~~~ I think this is our answer. I don't want to only supply those ciphers. I think that's much, much too narrow. So A) does 11.4.1 support those ciphers (I'll see what I can find in the docs, should be easy to find) and what variables represent them in the cipher suite so I can prefer them (this I'm not so sure how to find)? EDIT: GCM is supported starting in 11.5.0 so I need to migrate to that (or more likely 11.5.2) before being able to test/resolve this warning. I have some lab VEs i fired up 11.5.2 on. I think this is probably the cipher suite order I would use to resolve the "obsolete cryptography", maintain support for PFS, and maintain enough available suites to satisfy a variety of browsers. AES-GCM+HIGH:ECDHE+HIGH:HIGH:@STRENGTH:!RSA:!SSLV3
    • Steve_M__153836's avatar
      Steve_M__153836
      Icon for Nimbostratus rankNimbostratus
      Apr 27, 2015
      Some error in Chrome as earlier when I excluded SHA1. ERR_SSL_VERSION_OR_CIPHER_MISMATCH A secure connection cannot be established because this site uses an unsupported protocol.
    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      Apr 24, 2015
      it seems there are only 2 ciphers using sha256 in 11.4.1 hf7. would you like to try AES128-SHA256? [root@B4200-R77-S7:Active:Standalone] config tmm --clientciphers sha256 ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 1: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 18, 2014

    So I guess my question is: what are the cipher options I need to add/remove to enable PFS on a SSL client profile? or is there another way to get PFS going that I am missing?

    i understand pfs is included since 11.2.1. you can display cipher suite list using tmm --clientciphers and tmm --serverciphers command.

    Diffie-Hellman SSL key exchange cipher

The Diffie-Hellman SSL key exchange cipher, which provides perfect forward secrecy (PFS), is now included natively. This provides better performance for configurations using Diffie-Hellman, especially on physical platforms that have hardware SSL acceleration.

    Release Note: BIG-IP LTM and TMOS 11.2.1

    https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-1.htmlrn_new

    • Sean_Gray_14855's avatar
      Sean_Gray_14855
      Icon for Nimbostratus rankNimbostratus
      Apr 18, 2014
      Thanks! Having read as much documentation as I can scrape up, I'm still trying to get SSL Labs to confirm PFS is enabled and am unsuccessful. Here's my cipher string: [root@lbl701:Active:In Sync] config tmm --serverciphers DEFAULT:@STRENGTH:-RC4 ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 53 AES256-SHA 256 SSL3 Native AES SHA RSA 1: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 2: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 5: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA 7: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 8: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 9: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA 10: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 11: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA 12: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 13: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA 14: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA 15: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA 16: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA 17: 47 AES128-SHA 128 SSL3 Native AES SHA RSA 18: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 19: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 20: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 21: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 22: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 23: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA 24: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA 25: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA Do I need to disable all non-ECDHE to get this to work?
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Apr 18, 2014

    So I guess my question is: what are the cipher options I need to add/remove to enable PFS on a SSL client profile? or is there another way to get PFS going that I am missing?

    i understand pfs is included since 11.2.1. you can display cipher suite list using tmm --clientciphers and tmm --serverciphers command.

    Diffie-Hellman SSL key exchange cipher

The Diffie-Hellman SSL key exchange cipher, which provides perfect forward secrecy (PFS), is now included natively. This provides better performance for configurations using Diffie-Hellman, especially on physical platforms that have hardware SSL acceleration.

    Release Note: BIG-IP LTM and TMOS 11.2.1

    https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-1.htmlrn_new

    • Sean_Gray_14855's avatar
      Sean_Gray_14855
      Icon for Nimbostratus rankNimbostratus
      Apr 18, 2014
      Thanks! Having read as much documentation as I can scrape up, I'm still trying to get SSL Labs to confirm PFS is enabled and am unsuccessful. Here's my cipher string: [root@lbl701:Active:In Sync] config tmm --serverciphers DEFAULT:@STRENGTH:-RC4 ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 53 AES256-SHA 256 SSL3 Native AES SHA RSA 1: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 2: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 5: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA 7: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 8: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 9: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA 10: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 11: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA 12: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 13: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA 14: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA 15: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA 16: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA 17: 47 AES128-SHA 128 SSL3 Native AES SHA RSA 18: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 19: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 20: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 21: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 22: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 23: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA 24: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA 25: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA Do I need to disable all non-ECDHE to get this to work?