cancel
Showing results for 
Search instead for 
Did you mean: 
Troja
Level 14

Qualys SSL check - MWG reverseproxy - Forward Secrecy (SSL)

Hi all,

i checked my McAfee reverse proxy environment with the Qualys SSL check. In my MWG configuration i changed the value for the SSL cipher. But there is one thing i cannot resolve.

Does anyone know how to activate Forward secrecy on MWG?

Cheers,

Thorsten

qualys.jpg

0 Kudos
2 Replies
btlyric
Level 12

Re: Qualys SSL check - MWG reverseproxy - Forward Secrecy (SSL)

In general, forward secrecy (PFS) should be enabled if you have the Diffie-Hellman (DHE/EDH, ECDHE) ciphers enabled.

0 Kudos
asabban
Level 17

Re: Qualys SSL check - MWG reverseproxy - Forward Secrecy (SSL)

Please note that MWG currently does not support EC ciphers. The output states that Forward Secrecy is not supported with SOME browsers... you may want to check the handshake simulation and verify which do not support Forward Secrecy. It seems for some versions of Internet Explorer on < WIndows 8 you need EC ciphers to set up forward secrecy. As MWG does not know them PFS currently fails for those browsers.

Best,

Andre