For devices running 8.2 and later
Starting in PCS 8.2 and later, granular cipher suites feature was introduced allowing the administrator to select the specific cipher suites and adjust the cipher suite order. As part of this feature, the Perfect Forward Secrecy option was added to provide an simple configuration to support only PFS cipher suites.
For devices running between 7.4 to 8.1
ECDHE ciphers are available in the supported cipher list. The client presents a list of supported ciphers in the SSL/TLS handshake and PCS will pick the cipher from this list that is highest up the ordered list.
ECDHE Ciphers supported by PCS are:
With Elliptic-Curve Cryptography (ECC) certificates:
With RSA Certificates:
See Chapter 45, FIPS Level 1 Support (Software FIPS), in the PCS 7.4 or later Admin Guide for more information on the ciphers and the their ordering on the SA.
Note: ECC certificates are currently only supported on MAG and Virtual Appliance platforms, they are not usable on SAx500 devices. See Chapter 32, Elliptic Curve Cryptography, in the 7.4 or later Admin Guide for more details on these certificates and setting custom cipher options.