Forum Discussion
DHE key exchange: why is ephemeral key only 1024bit long?
David's point is that older clients will not support ECDH, not that the F5 gear wouldn't be able to handle it, I think. In that case, iRules do have the ability to do a client detect, so you can use ECDH on appropriate incoming requests and drop others to a different SSL profile or some other function.
We support compact and other legacy ciphers for this reason, but the issue is, once enabled, your application stops complying with whatever new issue arises against TLS. This is that double-edged sword... with the iRule, though, we could detect regular traffic and comply with any "scan", and proper ITIL documentation could detail the caveats for legacy clients that don't support the new ciphers. These always boil down to business decisions on what is supportable.
But yes, if enabling ECDH is too much for a hardware appliance with SSL Hardware acceleration, the Apache box would most likely be toast.
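The "client detect" the reply above relies on comes down to reading the ClientHello before the handshake is committed: which key-exchange families the client offers in its cipher-suite list, and whether it sends the supported_groups (elliptic_curves) extension at all. The following is an added illustration written for this page, not code from the post's author or from F5: a stand-alone Python parser for a TLS 1.2 ClientHello that classifies the client as ECDHE-capable, DHE-only, or static-RSA-only, and maps that to a profile name. The profile names (`clientssl-ecdhe`, `clientssl-legacy`) are hypothetical placeholders, the cipher-suite and group ids are the IANA registry values, and the ClientHello records are constructed inline rather than captured; an iRule doing the same job would run this logic in TCL at the ClientHello event.

```python
import struct

# Small subset of IANA cipher-suite ids, grouped by key-exchange family.
ECDHE_SUITES = {0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
DHE_SUITES = {0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
              0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}
STATIC_RSA_SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
                     0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}
SUPPORTED_GROUPS_EXT = 0x000A           # "elliptic_curves" in RFC 4492 terms
GROUP_NAMES = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}

# Hypothetical profile names used for illustration only.
PROFILE_FOR = {"ecdhe": "clientssl-ecdhe", "dhe": "clientssl-legacy",
               "static-rsa": "clientssl-legacy"}


def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello; return offered suites and groups."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                   # skip client_version and random
    sid_len = hello[pos]; pos += 1 + sid_len        # skip session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = hello[pos]; pos += 1 + comp_len      # skip compression methods
    groups = []
    if pos + 2 <= len(hello):                       # extensions block is optional
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4]); pos += 4
            data = hello[pos:pos + ext_len]; pos += ext_len
            if ext_type == SUPPORTED_GROUPS_EXT and len(data) >= 2:
                n = struct.unpack("!H", data[:2])[0]
                groups = [struct.unpack("!H", data[2 + i:4 + i])[0] for i in range(0, n, 2)]
    return {"cipher_suites": suites, "supported_groups": groups}


def classify_key_exchange(parsed: dict) -> str:
    """Strongest key-exchange family the client can actually complete."""
    suites = parsed["cipher_suites"]
    # An ECDHE suite is only usable if the client also names a curve it supports.
    if any(s in ECDHE_SUITES for s in suites) and parsed["supported_groups"]:
        return "ecdhe"
    if any(s in DHE_SUITES for s in suites):
        return "dhe"
    return "static-rsa"


def choose_profile(record: bytes) -> str:
    """Map a raw ClientHello record to the (hypothetical) SSL profile to apply."""
    return PROFILE_FOR[classify_key_exchange(parse_client_hello(record))]


def build_client_hello(suites, groups=()) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (sample input, not a real capture)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x03" + b"\x11" * 32 + b"\x00"   # version, fixed random, empty session_id
    hello += struct.pack("!H", len(cs)) + cs
    hello += b"\x01\x00"                            # one compression method: null
    exts = b""
    if groups:
        g = b"".join(struct.pack("!H", x) for x in groups)
        data = struct.pack("!H", len(g)) + g
        exts = struct.pack("!HH", SUPPORTED_GROUPS_EXT, len(data)) + data
    hello += struct.pack("!H", len(exts)) + exts
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(body)) + body


# Constructed sample clients: a modern one offering ECDHE plus curves, a DHE-only one,
# and an old client that only knows static RSA suites.
MODERN_CLIENT = build_client_hello([0xC02F, 0xC030, 0x009E, 0x002F], [0x001D, 0x0017])
DHE_ONLY_CLIENT = build_client_hello([0x0033, 0x002F])
RSA_ONLY_CLIENT = build_client_hello([0x002F, 0x0035])

if __name__ == "__main__":
    for name, rec in [("modern", MODERN_CLIENT), ("dhe-only", DHE_ONLY_CLIENT),
                      ("rsa-only", RSA_ONLY_CLIENT)]:
        p = parse_client_hello(rec)
        print(name, classify_key_exchange(p), [GROUP_NAMES.get(g, hex(g)) for g in p["supported_groups"]],
              "->", choose_profile(rec))
```

The point of the split is the one the reply makes: clients that offer an ECDHE suite and a curve get the profile restricted to forward-secret ECDHE suites, while everything else lands on a legacy profile whose weaker ciphers can be documented and reviewed separately, rather than weakening the one profile for all clients.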