Skip to Main Content
Cloud Platform


This is an IBM Automation portal for Cloud Platform products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Status Not under consideration
Created by Guest
Created on Jan 12, 2023

Currently IBM HTTP Server is not support FFDHE ciphers.

IBM Http server is currently not supporting FFDHE cipher groups. 

 

Traditional finite-field-based Diffie-Hellman (DH) key exchange   during the Transport Layer Security (TLS) handshake suffers from a   number of security, interoperability, and efficiency shortcomings.   These shortcomings arise from lack of clarity about which DH group   parameters TLS servers should offer and clients should accept.

 

 Probably that might be a reason for not supporting this group of ciphers by IBM Http Server.

https://datatracker.ietf.org/doc/html/rfc7919 

Websphere Application Server is supporting this  group of ciphers as well. So Please let us know can this be a possibility that IHS will support this feature in near future 

Idea priority Medium
  • Guest
    Reply
    |
    Feb 10, 2023

    Thank you for the suggestion. ECDHE is the default and mandatory to implement TLS 1.3 key exchange. FFDHE is the only other valid TLS 1.3 key exchange, however, as you stated, IHS doesn’t support it. We do not anticipate this support being added in the foreseeable future, and given the unlikelihood that we would deliver this, we are declining the request rather than leaving it in an uncommitted state for an extended period of time. If you would like to discuss this decision further, please contact Graham Charters <charters@uk.ibm.com>.