tmui
1 Topic
TMUI / Configuration WebUI - TLS/SSL Configuration - ECDHE
Hi All, I'm currently using BIG-IP 11.6.2 HF1. I'm required to secure the Management WebUI ciphers offered out. I'd prefer to drop all key exchange methods except for ECDHE. However, it seems modify sys httpd ssl-ciphersuite doesn't seem to acknowledge the existence of ECDHE. openssl ciphers -v identifies the presence, which I believe sys httpd ssl-ciphersuite utilises instead of tmm's cipher suites (since the sys httpd process runs outside of tmm), so I'd expect Apache HTTPd's mod_ssl would be leveraging this. So my question is, in three parts: Why doesn't sys httpd ssl-ciphersuite recognise ECDHE? Is there anyway to utilize ECDHE on sys httpd on 11.6.2 HF1? Does 12.x support this? Many thanks, JDSolved1KViews0likes12Comments