cancel
Showing results for 
Search instead for 
Did you mean: 

Forward Secrecy on 8.1?

Highlighted
Contributor

Forward Secrecy on 8.1?

We're running a PSA with 8.1 R7.

Qualys SSL Scan gives an A- which is good but it falls a little short due to FS being disabled with most browsers.

Google Chrome also shows we're using an "obsolete" cipher suite.

In the PSA I have everything set to "most secure" so TLS1.2, 168bit, 2048 DHE and I cannot see what more I can physically set?
3 REPLIES 3
Highlighted
Pulser

Re: Forward Secrecy on 8.1?

A KB on Forward Secrecy
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB28070/
Highlighted
Contributor

Re: Forward Secrecy on 8.1?

Yes I saw that, but whatever I do, even with FIPS, I get Chrome warn about obsolete ciphers.
Highlighted
Community Manager

Re: Forward Secrecy on 8.1?

Hello Hutch,

This may be partly due to the ordering of the cipher suites. We are making some changes in a future maintenance release to allow the admin to select what specific cipher suites to support and adjust the ordering.

Currently, the way to get FS cipher suites at the top is installing an ECC device certificate.