Forum Discussion

Nimbostratus

Dec 10, 2014

DHE key exchange: why is ephemeral key only 1024bit long?

Hello, during a recent analysis comparing security options provided by Apache httpd and F5 LTM we discovered that while Apache for RHEL/CentOS has lifted a limitation of 1024 bits for ephemeral ...

Nimbostratus

Mar 10, 2015

Not using DHE is what I will have to do if there isn't a way to specify 2048 or 4096 DH keys (like the example of the Linux box above). What we will lose (or in our case not get because we are upgrading from 10.2.4 and 11.3.0) is "Forward Secrecy" for slightly older clients that don't support ECDHE. They will have to rely on AES. And for the documentation about 1024 bit keys going from good to weak, that is located here on page 6 and the change record on page 8.

https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide.pdf

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

DHE key exchange: why is ephemeral key only 1024bit long?

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Bot Defense causing a lot of false positives

ASM allow specific url from outside country of geolocation ON

F5 DNS Logs in JSON Format

APM - Portal access - Issue

How to configure ssh access by key on F5OS

Related Content

Equinix and F5 Distributed Cloud Services: Business Partner Application Exchanges

Exchange 2016

WILS: Load Balancing and Ephemeral Port Exhaustion

Exchange 2019

Technical Impacts of Open Banking and Financial Data Exchange on Financial Systems

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS