@qasim02 wrote: Hi, I would like to enable PFS on a particular Virtual Server on Brocade VTM V11.0 with a compatibility for TLS 1.2 without PFS. Can you please help me with this? Regards, khan You can change the ciphers used by a particular virtual server, as well as which TLS versions to support, in the "SSL Decryption" section of its settings. Using the following list of ciphers (not tested) should allow clients that support PFS to use it, while also supporting clients which don't: SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_256_GCM_SHA384 SSL_RSA_WITH_AES_256_CBC_SHA256 SSL_RSA_WITH_AES_256_CBC_SHA SSL_RSA_WITH_AES_128_GCM_SHA256 SSL_RSA_WITH_AES_128_CBC_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_AES_128_CBC_SHA SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 I hope that helps.
... View more