Forum Discussion
nathe
Feb 07, 2017Cirrocumulus
From Wikipedia
In Transport Layer Security (TLS), Diffie–Hellman key exchange-based PFSs (DHE-RSA, DHE-DSA) and elliptic curve Diffie–Hellman-based PFSs (ECDHE-RSA, ECDHE-ECDSA) are available.
To achieve this on the BIG-IP then you'll need to amend the Client SSL profile assigned to your virtual servers and prioritise Diffie-Hellman or Elliptic curve Diffie Hellman (or exclude all others of course). There is a lengthy DevCentral post here which will help you: Enabling PFS
Hope this helps,
N