FortiOS 5.6 Online Help Link FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link
> Chapter 26 - Server Load Balancing > SSL/TLS load balancing > Selecting the cipher suites available for SSL load balancing

Home > Online Help

Selecting the cipher suites available for SSL load balancing

You can use the following command to view the complete list of cipher suites available for SSL offloading:

config firewall vip

edit <vip-name>

set type server-load-balance

set server-type https

set ssl-algorithm custom

config ssl-cipher-suites

edit 0

set cipher ?

In most configurations the matching cipher suite is automatically selected but you can limit the set of cipher suites that are available for a given SSL offloading configuration. For example, use the following command to limit an SSL load balancing configuration to use the three cipher suites that support ChaCha20 and Poly1305:

config firewall vip

edit <vip-name>

set type server-load-balance

set server-type https

set ssl-algorithm custom

config ssl-cipher-suites

edit 1

set cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256

next

edit 2

set cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256

next

edit 3

set cipher TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256

end

end