Forum Discussion

Nimbostratus

Dec 10, 2014

DHE key exchange: why is ephemeral key only 1024bit long?

Hello, during a recent analysis comparing security options provided by Apache httpd and F5 LTM we discovered that while Apache for RHEL/CentOS has lifted a limitation of 1024 bits for ephemeral ...

Nimbostratus

Mar 10, 2015

Not using DHE is what I will have to do if there isn't a way to specify 2048 or 4096 DH keys (like the example of the Linux box above). What we will lose (or in our case not get because we are upgrading from 10.2.4 and 11.3.0) is "Forward Secrecy" for slightly older clients that don't support ECDHE. They will have to rely on AES. And for the documentation about 1024 bit keys going from good to weak, that is located here on page 6 and the change record on page 8.

https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide.pdf

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

DHE key exchange: why is ephemeral key only 1024bit long?

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

The Business Partner Exchange - An F5 Distributed Cloud Services Demonstration

Rustls with NGINX, Password Based Key Exchange, & Llama Drama

Exchange 2016

MS Exchange ProxyNotShell block implemented via iRules

Exchange 2019

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS