Enabling PFS

So I guess my question is: what are the cipher options I need to add/remove to enable PFS on a SSL client profile? or is there another way to get PFS going that I am missing?

i understand pfs is included since 11.2.1. you can display cipher suite list using tmm --clientciphers and tmm --serverciphers command.

Diffie-Hellman SSL key exchange cipher

The Diffie-Hellman SSL key exchange cipher, which provides perfect forward secrecy (PFS), is now included natively. This provides better performance for configurations using Diffie-Hellman, especially on physical platforms that have hardware SSL acceleration.

Release Note: BIG-IP LTM and TMOS 11.2.1

https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-1.htmlrn_new

So I guess my question is: what are the cipher options I need to add/remove to enable PFS on a SSL client profile? or is there another way to get PFS going that I am missing?

i understand pfs is included since 11.2.1. you can display cipher suite list using tmm --clientciphers and tmm --serverciphers command.

Diffie-Hellman SSL key exchange cipher

The Diffie-Hellman SSL key exchange cipher, which provides perfect forward secrecy (PFS), is now included natively. This provides better performance for configurations using Diffie-Hellman, especially on physical platforms that have hardware SSL acceleration.

Release Note: BIG-IP LTM and TMOS 11.2.1

https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-1.htmlrn_new

I'm still trying to get SSL Labs to confirm PFS is enabled and am unsuccessful.

if you want pfs, why don't you specify only ECDHE (e.g. ECDHE)?

by the way, isn't it clientcipher (clientssl profile)?

[root@ve11a:Active:In Sync] config  tmm --clientcipher ECDHE
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
 2: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA
 3: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
 4: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
 5: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1    Native  DES     SHA     ECDHE_RSA
 6: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.1  Native  DES     SHA     ECDHE_RSA
 7: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.2  Native  DES     SHA     ECDHE_RSA
 8: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 9: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
10: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA
11: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
12: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA

I'm still trying to get SSL Labs to confirm PFS is enabled and am unsuccessful.

if you want pfs, why don't you specify only ECDHE (e.g. ECDHE)?

by the way, isn't it clientcipher (clientssl profile)?

[root@ve11a:Active:In Sync] config  tmm --clientcipher ECDHE
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
 2: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA
 3: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
 4: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
 5: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1    Native  DES     SHA     ECDHE_RSA
 6: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.1  Native  DES     SHA     ECDHE_RSA
 7: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.2  Native  DES     SHA     ECDHE_RSA
 8: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 9: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
10: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA
11: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
12: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA

Try this string. It "prefers" DHE ciphers but allows all other normal ciphers just in case the client doesn't want to go ECDHE.

ECDHE+HIGH:HIGH

Hey, I'm running into the same obsolete error message. Running 11.5.1, I tried your last suggestion of the following in the profile cipher list...... AES-GCM+HIGH:ECDHE+HIGH:HIGH:@STRENGTH:!RSA:!SSLV3

and this also didn't resolve.

Got this working fine a while ago using the above suggestions. I did run into a problem with killing certain versions of IE and Windows that I actually did want to support, so I ended up with the following as my cipher string which allowed me to support all of the OS/browser combos I wanted while also supporting PFS:

ECDHE+AES-GCM:NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:@SPEED

After doing this, setting up the iRule for HSTS, and renewing my cert with SHA-256 my site hit the "A+" mark with SSLLabs.

My initial cipher string was simply "ECDHE" which actually crushed all but 2 (as I recall, only IE11 was fine) of the Windows/IE combos. It also killed a few of the java ones, and a few others. So I played around quite a bit, and had to add AES-GCM but explicitly disable weaker ciphers that came along with it. Currently only IE6/XP is not supported which I'm totally fine with, while maintaining PFS.

Hello everyone,

I am trying to get the PFS enabled on my platform, I have the following profile enabled:

ltm profile client-ssl /Common/clientssl_HB_users {
        app-service none
        ca-file /Common/cert.crt
        cert /Common/cert_2015.crt
        ciphers DEFAULT:!COMPAT:ECDHE+AES:ECDHE+3DES:AES:3DES:!MD5:!EXPORT:!DES:!EDH:!RC4
        defaults-from /Common/clientssl
        key /Common/cert_2015.key
        options { dont-insert-empty-fragments no-sslv3 }
        renegotiation disabled

I'm getting and A- on SSL Test and I need to upgrade it, My platform is on version 11.4.1 HF 6. Could you help me to solutionate this? Thank you so much! Thank you so much.

Hello:

I have following cert

Common name: landing.XXXX.com SANs: landing.XXXX.com Organization: XXXX Inc. Location: XXXX, Illinois, US Valid from September 4, 2015 to December 3, 2018 Serial Number: 1356153356 (0x50d5420c) Signature Algorithm: sha256WithRSAEncryption Issuer: Entrust Certification Authority - L1K

Common name: Entrust Certification Authority - L1K

Organization: Entrust, Inc. Location: US Valid from October 10, 2014 to October 10, 2024 Serial Number: 1372455166 (0x51ce00fe) Signature Algorithm: sha256WithRSAEncryption Issuer: Entrust.net Certification Authority (2048)

Common name: Entrust.net Certification Authority (2048)

Organization: Entrust.net Valid from December 24, 1999 to July 24, 2029 Serial Number: 946069240 (0x3863def8) Signature Algorithm: sha1WithRSAEncryption Issuer: Entrust.net Certification Authority (2048)

cipher suite as following ECDHE+AES:ECDHE+3DES:RSA+3DES:!SSLv2:!SSLv3:!MD5:!EXPORT:!RC4

Latest version of Chrome: 45.0.2454.85 (64-bit)

Chrome complains following:

Your connection to landing.sirva.com is encrypted using an obsolete cipher suite. Further, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.

The connection uses TLS 1.2.

The connection is encrypted using AES_256_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism.