Forum Discussion
Problem ssl validation
Hello, I have a problem with an SSL validator, at https://validator.w3.org/feed/
Ciphers: DEFAULT:!RSA
https://validator.w3.org/feed/ Error (Server returned [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:727)
SSL Labs rating: B
Removing :!RSA
Ciphers: DEFAULT:!LOW:!RC4:!MD5:!SHA1:!ADH:!DHE:!DES:!3DES:!EXP
https://validator.w3.org/feed/ ok
SSL Labs rating: F (SSL Labs recommends removing RSA)
This server is vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) vulnerability. Grade set to F.
Version: BIG-IP 11.6.0 Build 5.0.429 Hotfix HF5
Any ideas what may be happening?
Thanks
1 Reply
The Client SSL profile may be vulnerable to a Bleichenbacher attack against RSA, which, when exploited, may result in plaintext recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. In order to correct this, you need to disable the !RSA algorithm from the cipher list.
It will help you to increase the SSL rating. I would suggest adding the cipher string below to the client SSL profile (try it in a non-prod application):
DEFAULT:ECDHE:!RSA:!DHE:!3DES
Hope it will help you.
Reference link: https://support.f5.com/csp/article/K21905460
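
The cipher strings quoted in this thread can be compared by expanding each one and grouping the resulting suites by key exchange; this is an added example, not code from either poster or from F5. It assumes the local OpenSSL's interpretation of the strings (via Python's `ssl` module), which is not identical to BIG-IP's: on the BIG-IP itself, the effective list for a string is shown by `tmm --clientciphers '<string>'`. The function names are hypothetical.

```python
import ssl

# Key-exchange labels reported by OpenSSL through SSLContext.get_ciphers()
KX_GROUPS = {
    "kx-rsa": "rsa_key_transport",  # RSA key transport: what ROBOT targets
    "kx-dhe": "dhe",                # finite-field DHE: small DH params get rejected
    "kx-ecdhe": "ecdhe",
}

# Cipher strings taken from the thread above
THREAD_STRINGS = [
    "DEFAULT:!RSA",
    "DEFAULT:!LOW:!RC4:!MD5:!SHA1:!ADH:!DHE:!DES:!3DES:!EXP",
    "DEFAULT:ECDHE:!RSA:!DHE:!3DES",
]


def audit_cipher_string(cipher_string):
    """Expand an OpenSSL-style cipher string and group suites by key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selected
    report = {"rsa_key_transport": [], "dhe": [], "ecdhe": [], "other": []}
    for suite in ctx.get_ciphers():
        # TLS 1.3 suites report "kx-any" and land in "other"
        group = KX_GROUPS.get(suite.get("kea"), "other")
        report[group].append(suite["name"])
    return report


def verdict(cipher_string):
    """Summarise the two properties the thread is about."""
    report = audit_cipher_string(cipher_string)
    return {
        "robot_exposure": bool(report["rsa_key_transport"]),
        "dhe_offered": bool(report["dhe"]),
        "ecdhe_offered": bool(report["ecdhe"]),
    }


if __name__ == "__main__":
    for s in THREAD_STRINGS:
        print(s, "->", verdict(s))
```

A string that still offers DHE only passes strict clients if the server's DH parameters are large enough; a string that still offers RSA key transport keeps the ROBOT finding open.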