Forum Discussion

Nimbostratus

Dec 10, 2014

DHE key exchange: why is ephemeral key only 1024bit long?

Hello, during a recent analysis comparing security options provided by Apache httpd and F5 LTM we discovered that while Apache for RHEL/CentOS has lifted a limitation of 1024 bits for ephemeral ...

Ret. Employee

Jul 07, 2015

Here's a bit more detail on why supporting DHE parameter lengths greater than 1024 is a non-trivial development effort, and ultimately doesn't return the value in security, given the alternatives: https://devcentral.f5.com/articles/logjams-dhe-parameters-and-other-obstacles-to-tls-excellence

Bear in mind that older clients not supporting DHE 2048 should support ECDHE as a PFS alternative of quality strength.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

DHE key exchange: why is ephemeral key only 1024bit long?

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

The Business Partner Exchange - An F5 Distributed Cloud Services Demonstration

Rustls with NGINX, Password Based Key Exchange, & Llama Drama

Exchange 2016

MS Exchange ProxyNotShell block implemented via iRules

Exchange 2019

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS