we have to recompile openssl on F5

Question

hello 
By default OpenSSL uses a custom build system to configure the library. But we face a issue with client , for some reason we cannot change properties of TLS client (carte CPS firmware )&nbsp;
In orde to solve the issue we have to re-compile openssl with the option -DOPENSSL_NO_SHA512 .This option not allow the client to choose Sha512 with the server for the TLS connection.&nbsp;
But we don't understand how to perform this action.
Could you please help us ?&nbsp;

devbabu · Answer

Where do you want to disable SHA512, between Client and VIP or VIP and Server. Is ssl offloaded on F5.&nbsp;

jbrunetext_2297 · Answer

We use the TMOS 10.2.4 plateform. The issue is on server F5, we haven't set the ssl offloaded on F5, we use the basic configuration however the TLS/SSL protocol always choose the best protocol sign hash "SHA512" but our SD card is not compatible with SHA512. We need to disabled the SHA512 in order to connect the client browser with SDcard on F5.

Forum Discussion

we have to recompile openssl on F5

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

License activation

Syslog server not visible in GUI

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

Related Content

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate

OpenSSL HeartBleed, CVE-2014-0160

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS