FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 25 - Server Load Balancing > SSL/TLS load balancing > Selecting the cipher suites available for SSL load balancing

Selecting the cipher suites available for SSL load balancing

You can use the following command to view the complete list of cipher suites available for SSL offloading:

config firewall vip

edit <vip-name>

set type server-load-balance

set server-type https

set ssl-algorithm custom

config ssl-cipher-suites

edit 0

set cipher ?

In most configurations the matching cipher suite is automatically selected but you can limit the set of cipher suites that are available for a given SSL offloading configuration. For example, use the following command to limit an SSL load balancing configuration to use the three cipher suites that support ChaCha20 and Poly1305:

config firewall vip

edit <vip-name>

set type server-load-balance

set server-type https

set ssl-algorithm custom

config ssl-cipher-suites

edit 1

set cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256

next

edit 2

set cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256

next

edit 3

set cipher TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256

end

end