Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Dec 07, 2020

Is there a way on F5 to disable rsa_pss* signature algorithms?

I am having an issue with SSL decryption on my Palo Alto firewall in front of F5. It works with Internet Explorer, but not Firefox or Chrome. According to Palo Alto TAC, the issue is certain signature algorithms - see https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMR7CAO

Is there a way on F5 to disable rsa_pss* signature algorithms?

jaikumar_f5
Noctilucent
Dec 08, 2020
Yes this is doable from what I've learnt from articles. For this your Bigip needs to be on 14.x or above.
Beginning in 14.x you have the option to use Cipher Rule, where you can specify the list of signature algorithm for negotiation's.

Other than that, I dont see a method to achieve this.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming