Forum Discussion
CirrostratusImplementation of forward secrecy in LTM
Can any one please help me out how one can implement forward secrecy of PFS in F5 LTM devices.
11 Replies
- nitass
Employee
isn't it to choose cipher supporting pfs?
e.g.
[root@ve11a:Active:In Sync] config tmm --clientciphers ECDHE ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA 1: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA 2: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA 3: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA 4: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA 5: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA 6: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA 7: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA 8: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA 9: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA 10: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA 11: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA 12: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA You just need to configure the SSL profile so that it only uses Diffie–Hellman based key exchange. Any cipher suite that include DH, DHE or ECDHE will do the job.
The following sulution gives indications on how to remove unwanted ciphers from the profile.
http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html?sr=36739985
Make sure you don't use RSA for key exchange as it is does not provide PFS.
- Good question, have been looking for the answer to this one too.
- nitass
I am using 11.3.0, and have executed the command tmm --clientciphers ECDHE but no data is available.
ECDHE is not available in 11.3.0. you can use another.
sol13163: SSL ciphers supported on BIG-IP platforms (11.x)
http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html Emi, elliptic curve "EC" based ciphers are only supported from BigIP version 11.4.0. If you upgrade to 11.4.0 and beyond, you should see the output provided by nitass. EC based ciphers are much faster and I would recommend that.
Some details here: http://support.f5.com/kb/en-us/solutions/public/12000/900/sol12982.html?sr=36740229
- nitass
can you try something like this?
[root@B3600-R67-S42:Active:Standalone] config tmsh show sys version Sys::Version Main Package Product BIG-IP Version 11.3.0 Build 2806.0 Edition Final Date Tue Nov 13 22:34:00 PST 2012 [root@B3600-R67-S42:Active:Standalone] config tmm --clientcipher 'DHE+HIGH:@STRENGTH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 57 DHE-RSA-AES256-SHA 256 SSL3 Native AES SHA EDH/RSA 1: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA 2: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA 3: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA 4: 57 DHE-RSA-AES256-SHA 256 DTLS1 Native AES SHA EDH/RSA 5: 22 DHE-RSA-DES-CBC3-SHA 192 SSL3 Native DES SHA EDH/RSA 6: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA EDH/RSA 7: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA EDH/RSA 8: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA EDH/RSA 9: 22 DHE-RSA-DES-CBC3-SHA 192 DTLS1 Native DES SHA EDH/RSA root@(B3600-R67-S42)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile client-ssl pfs-clientssl ltm profile client-ssl pfs-clientssl { app-service none ciphers DHE+HIGH:@STRENGTH } - nitass
One Quick Question nit, Currently i am using ciphers as ciphers SSLv3:TLSv1_2:TLSv1_1:!TLSv1:!RC4:!MD5:!EXP:!LOW:!EXPORT:!DES:@SPEED
next state will be like ciphers DHE+HIGH:SSLv3:TLSv1_2:TLSv1_1:!TLSv1:!RC4:!MD5:!EXP:!LOW:!EXPORT:!DES:@SPEED
you can display cipher suites using tmm --clientcipher command. and, as Pascal mentioned, sol13171 describes how to add/remove whatever cipher you want.
sol13171: Configuring the cipher strength for SSL profiles (11.x)
http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html?sr=36739985[root@B3600-R67-S42:Active:Standalone] config tmm --clientcipher 'SSLv3:TLSv1_2:TLSv1_1:!TLSv1:!RC4:!MD5:!EXP:!LOW:!EXPORT:!DES:@SPEED' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 47 AES128-SHA 128 SSL3 Native AES SHA RSA 1: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 2: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 3: 53 AES256-SHA 256 SSL3 Native AES SHA RSA 4: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 5: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 6: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA 7: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA 8: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 9: 51 DHE-RSA-AES128-SHA 128 SSL3 Native AES SHA EDH/RSA 10: 51 DHE-RSA-AES128-SHA 128 TLS1.1 Native AES SHA EDH/RSA 11: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH/RSA 12: 57 DHE-RSA-AES256-SHA 256 SSL3 Native AES SHA EDH/RSA 13: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA 14: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA 15: 22 DHE-RSA-DES-CBC3-SHA 192 SSL3 Native DES SHA EDH/RSA 16: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA EDH/RSA 17: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA EDH/RSA 18: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 19: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA [root@B3600-R67-S42:Active:Standalone] config tmm --clientcipher 'DHE+HIGH:SSLv3:TLSv1_2:TLSv1_1:!TLSv1:!RC4:!MD5:!EXP:!LOW:!EXPORT:!DES:@SPEED' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 47 AES128-SHA 128 SSL3 Native AES SHA RSA 1: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 2: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 3: 53 AES256-SHA 256 SSL3 Native AES SHA RSA 4: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 5: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 6: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA 7: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA 8: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 9: 51 DHE-RSA-AES128-SHA 128 SSL3 Native AES SHA EDH/RSA 10: 51 DHE-RSA-AES128-SHA 128 TLS1.1 Native AES SHA EDH/RSA 11: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH/RSA 12: 57 DHE-RSA-AES256-SHA 256 SSL3 Native AES SHA EDH/RSA 13: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA 14: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA 15: 57 DHE-RSA-AES256-SHA 256 DTLS1 Native AES SHA EDH/RSA 16: 22 DHE-RSA-DES-CBC3-SHA 192 SSL3 Native DES SHA EDH/RSA 17: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA EDH/RSA 18: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA EDH/RSA 19: 22 DHE-RSA-DES-CBC3-SHA 192 DTLS1 Native DES SHA EDH/RSA 20: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 21: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 
EmadThank you nit,its always nice to have you on devcentral for guidance. I was able to implement it while considering not to use insecure ciphers. But DEH seems to be slower than ECDHE. so I will upgrade my production boxes.
Also check SOL15194: Overview of the BIG-IP SSL/TLS cipher suite http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15194.html?sr=37255485
It gives you a pretty detailed description of the parameters and what to check for.
kridsanaCirrocumulus
So, If I want to deploy FS in ltm for my site.
I must use DHE or ECDHE cipher , Am I right?
