Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

leonardo's avatar
leonardo
Icon for Nimbostratus rankNimbostratus
Jan 23, 2020

Problem ssl validation

hello, I have a problem with an ssl validator, in https://validator.w3.org/feed/   Ciphers: DEFAULT:!RSA https://validator.w3.org/feed/ Error (Server returned [SSL: DH_KEY_TOO_SMALL] dh key too s...
big-ip
LTM
security
ssl
Samir's avatar
Samir
Icon for MVP rankMVP
Jan 25, 2020

Client SSL profile may be vulnerable to an Bleichenbacher attack against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. Inorder to correct you need to disable !RSA algorithm from cipher list.

It will help you to increase the ssl rating. I would suggest to add below cipher in client ssl profile( try in non prod application)

DEFAULT:ECDHE:!RSA:!DHE:!3DES

Hope it will help you.

Referenc link ​https://support.f5.com/csp/article/K21905460