Forum Discussion
Deltavista_1797
Nimbostratus
NimbostratusDHE key exchange: why is ephemeral key only 1024bit long?
Hello,
during a recent analysis comparing security options provided by Apache httpd and F5 LTM we discovered that while Apache for RHEL/CentOS has lifted a limitation of 1024 bits for ephemeral ...
DavidScottNortoNimbostratus
NimbostratusVery unfortunate that F5 doesn't seem to understand the impacts of not supporting legacy clients:( Why do they think I can drop 15% of my traffic? It looks like that means we will need to switch to L4 load balancing for many of our sites so we can use Apache function which is working.
That just leaves me with a dilemma of should I continue to spend so much money on F5 if all I can do is layer 4? Guess I will need to think more about my hardware refresh. Anybody looking at different gear that might solve the problem?
- JRahm
Admin
Hi David, is an iRule possible in your environment? You can use one to loop through the ciphers offered by the client and then select another profile for them, but the business logic for which non-supported clients you would actually still want to connect would still need to be developed.
