
How to enable PFS with backward compatibility on Brocade VTM 11.0 for a particular VS?

Hi,

I would like to enable PFS on a particular Virtual Server on Brocade VTM V11.0 with compatibility for TLS 1.2 without PFS.

Can you please help me with this?

Regards,

khan

2 REPLIES

Re: How to enable PFS with backward compatibility on Brocade VTM 11.0 for a particular VS?

@qasim02

I've moved the thread from "Info & Feedback" (which is only for questions related to the Community) to the vADC Forum.


Re: How to enable PFS with backward compatibility on Brocade VTM 11.0 for a particular VS?


qasim02 wrote:

Hi,

I would like to enable PFS on a particular Virtual Server on Brocade VTM V11.0 with compatibility for TLS 1.2 without PFS.

Can you please help me with this?

Regards,

khan


You can change the ciphers used by a particular virtual server, as well as which TLS versions to support, in the "SSL Decryption" section of its settings.

Using the following list of ciphers (not tested) should allow clients that support PFS to use it, while also supporting clients which don't:

SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_256_GCM_SHA384 SSL_RSA_WITH_AES_256_CBC_SHA256 SSL_RSA_WITH_AES_256_CBC_SHA SSL_RSA_WITH_AES_128_GCM_SHA256 SSL_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_128_CBC_SHA SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

I hope that helps.
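
A way to sanity-check the cipher list in the reply above before applying it, as an added example that is not part of the original thread and not vendor code: the script splits each suite name into key exchange and authentication, separates PFS (ECDHE) suites from static-RSA fallbacks, and flags PFS suites listed after the first fallback. It assumes the list order is the server's preference order, which the thread does not state; the function and field names are made up for this example.

```python
import re

# Cipher list copied verbatim from the reply above.
CIPHERS = (
    "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 "
    "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "
    "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA "
    "SSL_RSA_WITH_AES_256_GCM_SHA384 SSL_RSA_WITH_AES_256_CBC_SHA256 "
    "SSL_RSA_WITH_AES_256_CBC_SHA SSL_RSA_WITH_AES_128_GCM_SHA256 "
    "SSL_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "
    "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_128_CBC_SHA "
    "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
).split()

# SSL_[<ephemeral key exchange>_]<auth>_WITH_<cipher>_<MAC/PRF hash>
SUITE_RE = re.compile(
    r"^SSL_(?:(ECDHE|DHE)_)?(RSA|ECDSA)_WITH_(AES_(?:128|256)_(?:GCM|CBC))_(SHA\d*)$"
)

def parse(name):
    """Split a suite name into its parts; PFS means an ephemeral key exchange."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name!r}")
    kx, auth, cipher, mac = m.groups()
    return {"name": name, "pfs": kx is not None, "auth": auth,
            # GCM and SHA256/SHA384-MAC suites exist only in TLS 1.2.
            "tls12_only": cipher.endswith("GCM") or mac != "SHA"}

def audit(names):
    """Report PFS vs. fallback suites and PFS suites ranked below a fallback."""
    suites = [parse(n) for n in names]
    first_fb = next((i for i, s in enumerate(suites) if not s["pfs"]), len(suites))
    return {
        "pfs": [s["name"] for s in suites if s["pfs"]],
        "fallback": [s["name"] for s in suites if not s["pfs"]],
        # Assumption: list order is preference order, so these are tried late.
        "pfs_after_fallback": [s["name"] for s in suites[first_fb:] if s["pfs"]],
        # Certificate key types the PFS suites need on the virtual server.
        "pfs_cert_types": sorted({s["auth"] for s in suites if s["pfs"]}),
        # Static-RSA suites that also work below TLS 1.2.
        "pre_tls12_fallback": [s["name"] for s in suites
                               if not s["pfs"] and not s["tls12_only"]],
    }

if __name__ == "__main__":
    for key, value in audit(CIPHERS).items():
        print(f"{key}: {value}")
```

The three ECDHE_ECDSA suites it flags can only be negotiated when the virtual server presents an ECDSA certificate; with an RSA-only certificate the six ECDHE_RSA suites at the head of the list are the PFS options.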