Problem ssl validation

Question

hello, I have a problem with an ssl validator, in https://validator.w3.org/feed/

Ciphers: DEFAULT:!RSA

https://validator.w3.org/feed/ Error (Server returned [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:727)

sslabs Calification B

removing :!RSA

Ciphers: DEFAULT:!LOW:!RC4:!MD5:!SHA1:!ADH:!DHE:!DES:!3DES:!EXP

https://validator.w3.org/feed/ ok

sslabs Calification F (sslab recommend removing RSA)

This server is vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) vulnerability. Grade set to F. MORE INFO »

BIG-IP SSL vulnerability

version. BIG-IP 11.6.0 Build 5.0.429 Hotfix HF5

Any ideas, what may be happening?

thanks

samir · Answer

Client SSL profile may be vulnerable to an Bleichenbacher attack against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. Inorder to correct you need to disable !RSA algorithm from cipher list.

It will help you to increase the ssl rating. I would suggest to add below cipher in client ssl profile( try in non prod application)

DEFAULT:ECDHE:!RSA:!DHE:!3DES

Hope it will help you.

Referenc link https://support.f5.com/csp/article/K21905460

Forum Discussion

Problem ssl validation

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Implementing SSL Orchestrator - Validation & Troubleshooting

POC: Validate JWT with iRule

Modernizing F5 BIG-IP Synchronized HA Pairs with Ansible Validated Content

iRule to accept client then SSL cert validation

APM Customization: Password Change Validation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS