Forum Discussion
SSL length key
Hi,
A client is trying to reach a VS on a BIG-IP system with an SSL key.
That key is regularly trusted on the load balancer, and its CA root and intermediate too, but the load balancer refused the communication. The response, captured via network trace, is only "handshake failure".
Now, that SSL key has a size of 8192, and at this link: https://my.f5.com/manage/s/article/K01474701 I can see that only 4096 or 2048 are supported.
Does anyone know a workaround for this issue?
Thanks a lot
romolo82 This is a hard restriction from my understanding and that's a fairly recent article update so I do not see this being supported in the near future. I would even try not to use 4096 keys because I believe that still reduces your SSL transactions by half compared to 2048 keys.
Use 2048 keys.
If something more exotic is needed... pass it through and have the backend server check/verify instead.
- romolo82Cirrus
Unfortunately it's company policy to have SSL termination on the LB... I believe that using a 2048 key is the only possibility.