Forum Discussion

saidshow_251381's avatar
saidshow_251381
Icon for Cirrostratus rankCirrostratus
Jul 26, 2016

DHE 1024 bits Vulnerability Solved?

Hi Guys,   I have 3 volumes on my Lab F5. - 11.6.0 - 11.6.0 with HotFix 6 - 12.1.0 with HotFix 1   I booted in to the 11.6.0 with HotFix 6 volume and performed an sslscan on the device and note...
1024
12.1
application delivery
BIG-IP
dhe
dhe 1024
security
saidshow_251381's avatar
saidshow_251381
Icon for Cirrostratus rankCirrostratus
Jul 28, 2016

Hi Everyone, thanks for your fast replies. Apologies for my delayed response. What I am referring to is best referenced here: https://devcentral.f5.com/questions/dhe-key-exchange-why-is-ephemeral-key-only-1024bit-long Below I have included sslscans on 2 volumes on my lab. The first shows the Volume running BIG IP Ver11.6 with HF6 installed. The second shows a volume with BIG IP Ver12.1 with HF1 installed. Both volumes are the standard setup without alteration of any ciphers on my behalf.

 

On the first volume (11.6 + HF6) we see the 'DHE 1024bits' while in the second (12.1 + HF1) this is replaced with 'Curve P-256 DHE 256'.

 

The reason for my interest on this is that DHE 1024 was identified by a third party in our environment on the F5s as something to address. None of our apps support DHE ciphers.

 

VOLUME WITH 11.6 HF6:

 

 

VOLUME WITH 12.1 HF1: