On the STM (SteelApp) how can we set up:
Enable Forward Secrecy
Hi Richard,
Are there any specific cipher suites you are looking for?
Regards,
Arun
Currently have the following:
SSL_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
and would like to have Forward Secrecy enabled based on our scan
Security Labs: SSL Labs: Deploying Forward Secrecy | Qualys Community
For each SSL decrypting virtual server, you can use the ssl_support_<version> and ssl_ciphers configuration options to configure the SSL/TLS versions individually by selecting the SSL/TLS versions and specifying the list of ciphers available for secure communication.
Specify your ciphers (in order of preference) in a space-, comma-, or colon-separated list, as shown in the following example:
SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
To use the global settings configured, leave the Virtual server SSL/TLS settings at their defaults but specify the comma-separated list of ciphers under System > Global Settings > SSL Configuration.
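A way to audit a cipher string before pasting it into the ssl_ciphers setting, as an added example that is not part of the original thread or the product's own tooling. It accepts the space-, comma-, or colon-separated format described above and treats DHE and ECDHE key exchange as providing forward secrecy; recognising ECDHE names goes beyond the suites shown in the thread, and the function names are hypothetical.

```python
import re

# Key-exchange tokens that give forward secrecy (ephemeral Diffie-Hellman).
FS_KEY_EXCHANGES = {"DHE", "ECDHE"}

# Sample input: the cipher list posted in the question above.
CURRENT = ("SSL_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,"
           "SSL_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,"
           "SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA")


def parse_cipher_list(value):
    """Split on spaces, commas or colons, keeping the order of preference."""
    return [name for name in re.split(r"[\s,:]+", value.strip()) if name]


def key_exchange(suite):
    """Return the key-exchange token, e.g. 'DHE' for SSL_DHE_RSA_WITH_..."""
    match = re.match(r"(?:SSL|TLS)_(.+?)_WITH_", suite)
    if match is None:
        raise ValueError("unrecognised cipher suite name: %r" % suite)
    return match.group(1).split("_")[0]


def audit(value):
    """Classify each suite and report whether FS suites are preferred."""
    suites = parse_cipher_list(value)
    flags = [key_exchange(s) in FS_KEY_EXCHANGES for s in suites]
    fs = [s for s, ok in zip(suites, flags) if ok]
    non_fs = [s for s, ok in zip(suites, flags) if not ok]
    # Preference order is correct when no non-FS suite precedes an FS suite.
    fs_first = flags == sorted(flags, reverse=True)
    return {"fs": fs, "non_fs": non_fs, "fs_first": fs_first,
            "fs_only_value": ",".join(fs)}


if __name__ == "__main__":
    report = audit(CURRENT)
    for suite in report["non_fs"]:
        print("no forward secrecy:", suite)
    print("FS suites listed first:", report["fs_first"])
    print("FS-only list:", report["fs_only_value"])
```

Run against the list from the question, the FS-only value it produces matches the DHE-only example given in the reply.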
Hi Richard,
Did my suggestion help your requirement?
Regards,
Arun