How do I provide robust support for Perfect Forward Secrecy with modern web browsers and FTPS clients?

First, make sure you are running the latest Cerberus FTP Server release. The steps and guidance below only apply to the latest official release.

Enabling strong support for Perfect Forward Secrecy (PFS) requires a carefully crafted SSL cipher string to enable and prioritize the appropriate key exchange suites.

The SSL cipher string can be accessed and changed on the Security>Advanced TLS page of the Server Manager.

EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!CAMELLIA