Forum Discussion

Nimbostratus

Jan 23, 2020

Problem ssl validation

hello, I have a problem with an ssl validator, in https://validator.w3.org/feed/ Ciphers: DEFAULT:!RSA https://validator.w3.org/feed/ Error (Server returned [SSL: DH_KEY_TOO_SMALL] dh key too s...

MVP

Jan 25, 2020

Client SSL profile may be vulnerable to an Bleichenbacher attack against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. Inorder to correct you need to disable !RSA algorithm from cipher list.

It will help you to increase the ssl rating. I would suggest to add below cipher in client ssl profile( try in non prod application)

DEFAULT:ECDHE:!RSA:!DHE:!3DES

Hope it will help you.

Referenc link https://support.f5.com/csp/article/K21905460

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Problem ssl validation

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

TLSv1.3 validation not showing in SSL Labs

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Source_Addr Persistence Problems

ASM ser input type email doesn't allow valid emails

C3D first request problem

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS