Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Jul 22, 2015

perfect forward secrecy

Can someone pls help me with the list of DHE cipher suites supports perfect forward secrecy?

1 Reply

Kevin_Stewart
Employee
Jul 22, 2015
DHE in and of itself provides PFS. If you do the following at the command line:

tmm --clientciphers 'DHE'

you'll see a bunch of DHE cipher suites from the NATIVE stack. Some of these are for SSLv3 and use DES, so probably best to trim that list a bit. It's also highly recommended these days to switch to ECDHE (also PFS). BIG-IP doesn't support DHE beyond 1024 bits, and even if it did you'd find more clients that support ECDHE than DHE with 2048, plus DHE 2048 is computationally expensive compared to elliptic curve.

Jeff - May 2026 Featured F5er

DevCentral News

series-devcentral-featured-members

AppWorld Berlin 2026 – iRules Contest Winning Results

DevCentral News

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Technical Articles

application delivery

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5