Forum Discussion

Nimbostratus

Dec 10, 2014

DHE key exchange: why is ephemeral key only 1024bit long?

Hello, during a recent analysis comparing security options provided by Apache httpd and F5 LTM we discovered that while Apache for RHEL/CentOS has lifted a limitation of 1024 bits for ephemeral ...

Nimbostratus

Mar 10, 2015

I am quite familiar with all of those documents. That is precisely how I have put together my cipher string. Here it is, nothing weak is in there.

ECDHE:AES-GCM+RSA:DHE:AES+RSA:!DTLSv1:!RC4:!3DES:!SSLv3:!LOW:@STRENGTH:+TLSv1_1:+TLSv1

This has NOTHING to do with the cipher itself! It has to do with (from what I can tell) the Diffe-Hellman parameters that don't appear to be configurable on the F5.

https://wiki.openssl.org/index.php/Diffie-Hellman_parameters

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

DHE key exchange: why is ephemeral key only 1024bit long?

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

The Business Partner Exchange - An F5 Distributed Cloud Services Demonstration

Rustls with NGINX, Password Based Key Exchange, & Llama Drama

Exchange 2016

MS Exchange ProxyNotShell block implemented via iRules

Exchange 2019

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS