Forum Discussion

EJM_358200's avatar
EJM_358200
Icon for Nimbostratus rankNimbostratus
Jan 30, 2019

Vulnerability Diffie-Hellman F5

Hello,   I have a vulnerability ==> Diffie-Hellman group smaller than 2048 bits Someone can explain me, how i can modify my profile SSL Client ?   Thank you in advance for your feedback.  
application delivery
BIG-IQ
LTM
security
wlopez's avatar
wlopez
Icon for Cirrocumulus rankCirrocumulus
Jan 30, 2019

You'll need to edit the Ciphers field on the client ssl profile. If you haven't edited that field, you'll have the 'DEFAULT' cipher stack for the BigIP version you're running.

 

If you want to get rid of DHE ciphers all together you can fill the Ciphers field with:

 

DEFAULT:!DHE

 

If you want to see which cipher suites you currently have vs. which ones will be left with a new Ciphers value just issue the following command from the bash shell:

 

tmm --clientciphers DEFAULT

 

tmm --clientciphers 'DEFAULT:!DHE'

 

V14:

 

https://support.f5.com/csp/article/K54125331

 

V11-V13:

 

https://support.f5.com/csp/article/K13156

 

V10:

 

https://support.f5.com/csp/article/K10262

 

  • EJM_358200's avatar
    EJM_358200
    Icon for Nimbostratus rankNimbostratus
    Feb 01, 2019

    Thank you