vADC Forum

Occasional Contributor
Posts: 6
Registered: ‎09-01-2016

How to enable PFS with backward compatibility on Brocade VTM 11.0 for a particular VS?

Hi,

I would like to enable PFS on a particular Virtual Server on Brocade VTM V11.0 with compatibility for TLS 1.2 without PFS.

Can you please help me with this?

Regards,

khan

External Moderator
Posts: 4,857
Registered: ‎02-23-2004

Re: How to enable PFS with backward compatibility on Brocade VTM 11.0 for a particular VS?

@qasim02

I've moved the thread from "Info & Feedback" (which is only for questions related to the Community) to the vADC Forum.

TechHelp24
Senior Member
Posts: 1
Registered: ‎09-27-2016

Re: How to enable PFS with backward compatibility on Brocade VTM 11.0 for a particular VS?


qasim02 wrote:

Hi,

I would like to enable PFS on a particular Virtual Server on Brocade VTM V11.0 with compatibility for TLS 1.2 without PFS.

Can you please help me with this?

Regards,

khan


You can change the ciphers used by a particular virtual server, as well as which TLS versions to support, in the "SSL Decryption" section of its settings.

Using the following list of ciphers (not tested) should allow clients that support PFS to use it, while also supporting clients which don't:

SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_256_GCM_SHA384 SSL_RSA_WITH_AES_256_CBC_SHA256 SSL_RSA_WITH_AES_256_CBC_SHA SSL_RSA_WITH_AES_128_GCM_SHA256 SSL_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_128_CBC_SHA SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
I hope that helps.
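
Added example (not part of the original thread and not Brocade tooling): a Python check of the cipher list posted above that separates forward-secret (ECDHE) suites from static-RSA fallbacks and flags any PFS suite listed after a non-PFS one. It assumes the list order is the preference order the virtual server applies and that the certificate type (RSA or ECDSA) decides which suites can be negotiated; the names `POSTED`, `key_exchange`, `has_pfs` and `audit` are illustrative.

```python
# Added example: audit the cipher list posted above for forward secrecy.
# Assumption: the list order is the server's preference order.

POSTED = """
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_256_GCM_SHA384 SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_256_CBC_SHA SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_128_CBC_SHA
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
""".split()


def key_exchange(suite):
    """Parse SSL_<kx>[_<auth>]_WITH_<cipher> into (kx, auth)."""
    head = suite.split("_WITH_")[0].split("_")[1:]  # drop the "SSL" prefix
    return head[0], head[-1]  # plain "RSA" is static RSA kx with RSA auth


def has_pfs(suite):
    """Only ephemeral (EC)DH key exchange gives forward secrecy."""
    return key_exchange(suite)[0] in ("ECDHE", "DHE")


def audit(ciphers, cert_type="RSA"):
    """Split the list by what a certificate type can negotiate.

    cert_type=None models a virtual server holding both RSA and ECDSA certs.
    'misordered' holds PFS suites listed after the first non-PFS suite.
    """
    usable = [c for c in ciphers
              if cert_type is None or key_exchange(c)[1] == cert_type]
    fallback = [c for c in usable if not has_pfs(c)]
    cut = usable.index(fallback[0]) if fallback else len(usable)
    return {
        "pfs": [c for c in usable if has_pfs(c)],
        "fallback": fallback,
        "misordered": [c for c in usable[cut:] if has_pfs(c)],
        "unusable": [c for c in ciphers if c not in usable],
    }


if __name__ == "__main__":
    for cert in ("RSA", "ECDSA", None):
        report = audit(POSTED, cert)
        print(cert or "RSA+ECDSA", {k: len(v) for k, v in report.items()})
```

With an RSA-only certificate the six ECDHE_RSA suites all precede the static-RSA fallbacks; the three ECDHE_ECDSA suites only matter if an ECDSA certificate is also installed, in which case they sit below non-PFS entries.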
