Handbook

Selecting the cipher suites available for SSL load balancing

6.0.0

You can use the following command to view the complete list of cipher suites available for SSL offloading:

config firewall vip
    edit <vip-name>
        set type server-load-balance
        set server-type https
        set ssl-algorithm custom
        config ssl-cipher-suites
            edit 0
                set cipher ?

In most configurations the matching cipher suite is selected automatically, but you can limit the set of cipher suites that are available for a given SSL offloading configuration. For example, use the following command to limit an SSL load balancing configuration to the three cipher suites that support ChaCha20 and Poly1305:

config firewall vip
    edit <vip-name>
        set type server-load-balance
        set server-type https
        set ssl-algorithm custom
        config ssl-cipher-suites
            edit 1
                set cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
            next
            edit 2
                set cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
            next
            edit 3
                set cipher TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
        end
end
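To check that saved VIP configurations actually match the restriction above, the following added example (not part of the Fortinet handbook) parses a "config firewall vip" block and reports any VIP that does not set ssl-algorithm custom or that lists a cipher outside the three ChaCha20-Poly1305 suites. The VIP names, the CBC suite in the sample and the audit_vips function are constructed for illustration.

```python
import shlex
# The three ChaCha20-Poly1305 suites this page restricts the VIP to.
APPROVED = {
    "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
    "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
    "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
}
# Constructed sample config excerpt (VIP names and the CBC suite are illustrative).
SAMPLE = """config firewall vip
    edit "web-vip"
        set ssl-algorithm custom
        config ssl-cipher-suites
            edit 1
                set cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
            next
            edit 2
                set cipher TLS-RSA-WITH-AES-128-CBC-SHA
            next
        end
    next
    edit "legacy-vip"
        set server-type https
    next
end
"""

def audit_vips(text, approved=APPROVED):
    """Return {vip: [findings]} for every entry under 'config firewall vip'."""
    findings, stack, vip, algo = {}, [], None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        top = stack == ["firewall vip"]   # directly inside the VIP table
        if tok[0] in ("next", "end") and top and vip is not None:
            if algo != "custom":          # entry closed without a custom suite list
                findings[vip].append("ssl-algorithm is not custom")
            vip = None
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and top:
            vip, algo = tok[1], None
            findings[vip] = []
        elif tok[0] == "set" and vip is not None and len(tok) > 2:
            if top and tok[1] == "ssl-algorithm":
                algo = tok[2]
            elif stack[-1] == "ssl-cipher-suites" and tok[1] == "cipher" and tok[2] not in approved:
                findings[vip].append("unapproved cipher: " + tok[2])
    return findings
```

An empty findings list for a VIP means it uses a custom list containing only approved suites; the parser accepts entries closed with either next or end, as in the command above.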
