vADC Forum

Reply
Occasional Contributor
Posts: 15
Registered: ‎11-30-2012

How to set Forward Secrecy for Traffic Virtual Server

On the STM (SteelApp) how can we setup:

Enable Forward Secrecy

Brocadian
Posts: 44
Registered: ‎04-15-2014

Re: How to set Forward Secrecy for Traffic Virtual Server

Hi Richard,

Are there any specific cipher suites you are looking for?

Regards,

Arun

Occasional Contributor
Posts: 15
Registered: ‎11-30-2012

Re: How to set Forward Secrecy for Traffic Virtual Server

Current have the following:

SSL_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

and would like to have Forward Secrecy enabled based on our scan

Security Labs: SSL Labs: Deploying Forward Secrecy | Qualys Community

Brocadian
Posts: 44
Registered: ‎04-15-2014

Re: How to set Forward Secrecy for Traffic Virtual Server

For each SSL decrypting virtual server, you can use the ssl_support_<version> and ssl_ciphers configuration options to configure the SSL/TLS versions individually by selecting the SSL/TLS versions and specifying the list of ciphers available for secure communication.

Specify your ciphers (in order of preference) in a space-, comma-, or colon-separated list, as shown in the following example:

SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

To use the global settings configured, leave the Virtual server SSL/TLS settings to defaults but specify the comma separated list of ciphers under System > Global Settings > SSL Configuration.

Brocadian
Posts: 44
Registered: ‎04-15-2014

Re: How to set Forward Secrecy for Traffic Virtual Server

Hi Richard,

Did my suggestion help your requirement?

Regards,

Arun

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.