NimbostratusHello,
I have a vulnerability ==> Diffie-Hellman group smaller than 2048 bits Someone can explain me, how i can modify my profile SSL Client ?
Thank you in advance for your feedback.
NoctilucentYou can disable
!DHE
NimbostratusThank you for your response :)
NimbostratusYou'll need to edit the Ciphers field on the client ssl profile. If you haven't edited that field, you'll have the 'DEFAULT' cipher stack for the BigIP version you're running.
If you want to get rid of DHE ciphers all together you can fill the Ciphers field with:
DEFAULT:!DHE
If you want to see which cipher suites you currently have vs. which ones will be left with a new Ciphers value just issue the following command from the bash shell:
tmm --clientciphers DEFAULT
tmm --clientciphers 'DEFAULT:!DHE'
V14:
https://support.f5.com/csp/article/K54125331
V11-V13:
https://support.f5.com/csp/article/K13156
V10:
https://support.f5.com/csp/article/K10262
NimbostratusThank you
CirrocumulusYou'll need to edit the Ciphers field on the client ssl profile. If you haven't edited that field, you'll have the 'DEFAULT' cipher stack for the BigIP version you're running.
If you want to get rid of DHE ciphers all together you can fill the Ciphers field with:
DEFAULT:!DHE
If you want to see which cipher suites you currently have vs. which ones will be left with a new Ciphers value just issue the following command from the bash shell:
tmm --clientciphers DEFAULT
tmm --clientciphers 'DEFAULT:!DHE'
V14:
https://support.f5.com/csp/article/K54125331
V11-V13:
https://support.f5.com/csp/article/K13156
V10:
https://support.f5.com/csp/article/K10262
NimbostratusThank you
CumulonimbusFor your reference: https://devcentral.f5.com/questions/dhe-1024-bits-vulnerability-solved-47853.