RSA key exchange is obsolete. Enable an ECDHE-based cipher suite

Hi Qasim,

You are seeing that message as RSA is being used as key exchange algorithm. You should consider using ECDHE_RSA for key exchange instead.

Here is how I would solve it.

Requirements:

1) force the use of TLS 1.2

2) Disable RSA as Key exchange algorithm

Steps:

1) go to Client SSL profile you want to edit.

2) Select Advanced Configuration and tick customisation button for Ciphers.

3) Copy and paste the following string

DEFAULT:!TLSv1:!TLSv1_1:!TLSv1_3:!DTLSv1:!DHE:!RSA

Following is the screenshot of client SSL profile I have created to illustrate to you.

Hope this helps.

Please let me know if you have any questions.

-Nag