ecdhe
2 Topics

TMUI / Configuration WebUI - TLS/SSL Configuration - ECDHE
Hi All, I'm currently using BIG-IP 11.6.2 HF1. I'm required to secure the Management WebUI ciphers offered out. I'd prefer to drop all key exchange methods except for ECDHE. However, it seems modify sys httpd ssl-ciphersuite doesn't seem to acknowledge the existence of ECDHE. openssl ciphers -v identifies the presence, which I believe sys httpd ssl-ciphersuite utilises instead of tmm's cipher suites (since the sys httpd process runs outside of tmm), so I'd expect Apache HTTPd's mod_ssl would be leveraging this.

So my question is, in three parts:
Why doesn't sys httpd ssl-ciphersuite recognise ECDHE?
Is there any way to utilize ECDHE on sys httpd on 11.6.2 HF1?
Does 12.x support this?

Many thanks, JD

Solved, 1K Views, 0 likes, 12 Comments

Disabling DHE
In order to get an A on SSL Labs, I believe I need to disable DHE and prioritize forward secrecy. I've found that the cipher "ECDHE:DEFAULT:!DHE:!3DES" seems to do the trick, but one thing I'm having trouble finding out: What browsers will this affect negatively? Thanks!

274 Views, 0 likes, 1 Comment