Forum Discussion

Cirrus

Jan 24, 2017

SSL: Restrict Key Exchange Length

Hi, any idea how to restrict Key exchange protocols that are based on DHE or RSA protocols with keys not less than 2048-bits in length?

Nacreous

Unfortunately you can't - F5 only supports 1024 bits for DHE. In real-life terms this should be enough (unless the Russians are after you), however if scans are complaining then you'll need to disable DHE ciphers and use only ECDHE instead.

refra_151287

Cirrus

Jan 26, 2017

Thanks a lot, how can I know the key length for the other algorithms?

Recent Discussions

F5 looses the token for the first call
Dec 20, 2024
Ozzy
iRule - Url rewrite and header replace and pool selection not working
Dec 20, 2024
rct101
Switch ssl profile based on weak cipher detection via IRULE
Dec 20, 2024
aliasgar215
full-proxy HTTP2
Dec 20, 2024
former_newbie
Decode ObjectSID from Base64-encode string
Dec 20, 2024
Sefi_Miz

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL: Restrict Key Exchange Length

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

The Business Partner Exchange - An F5 Distributed Cloud Services Demonstration

Restrict Access to Exchange Administrative Center - Enhanced

SSL length key

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS