Forum Discussion
NimbostratusVulnerability Diffie-Hellman F5
Hello,
I have a vulnerability ==> Diffie-Hellman group smaller than 2048 bits Someone can explain me, how i can modify my profile SSL Client ?
Thank you in advance for your feedback.
7 Replies
Samir_Jha_52506Noctilucent
You can disable
from current cipher list for specific client ssl profile. Go through link. It may help you.!DHE
EJM_358200Thank you for your response :)
wlopez_98779You'll need to edit the Ciphers field on the client ssl profile. If you haven't edited that field, you'll have the 'DEFAULT' cipher stack for the BigIP version you're running.
If you want to get rid of DHE ciphers all together you can fill the Ciphers field with:
DEFAULT:!DHE
If you want to see which cipher suites you currently have vs. which ones will be left with a new Ciphers value just issue the following command from the bash shell:
tmm --clientciphers DEFAULT
tmm --clientciphers 'DEFAULT:!DHE'
V14:
https://support.f5.com/csp/article/K54125331
V11-V13:
https://support.f5.com/csp/article/K13156
V10:
https://support.f5.com/csp/article/K10262
- EJM_358200
Thank you
wlopezCirrocumulus
You'll need to edit the Ciphers field on the client ssl profile. If you haven't edited that field, you'll have the 'DEFAULT' cipher stack for the BigIP version you're running.
If you want to get rid of DHE ciphers all together you can fill the Ciphers field with:
DEFAULT:!DHE
If you want to see which cipher suites you currently have vs. which ones will be left with a new Ciphers value just issue the following command from the bash shell:
tmm --clientciphers DEFAULT
tmm --clientciphers 'DEFAULT:!DHE'
V14:
https://support.f5.com/csp/article/K54125331
V11-V13:
https://support.f5.com/csp/article/K13156
V10:
https://support.f5.com/csp/article/K10262
- EJM_358200
Thank you
JGCumulonimbus
For your reference: https://devcentral.f5.com/questions/dhe-1024-bits-vulnerability-solved-47853.
