Forum Discussion

Nimbostratus

Apr 19, 2018

Weak DH Keys solved by !DHE?

Adding !DHE to the below F5 SSL profile cipher string (11.X & 12.X) resolved the below SSL Labs issue. DEFAULT:!LOW:!RC4:!MD5:!SHA1:!ADH:!DHE:!DES:!3DES:!EXP Resolved: Weak Diffie-Hellman (...

BIG-IP

security

Cumulonimbus

Apr 20, 2018

Please see https://devcentral.f5.com/questions/logjam-tls-vulnerability.

And DHE is not really an issue here, see: https://devcentral.f5.com/Portals/0/Cache/Pdfs/2807/logjams-dhe-parameters-and-other-obstacles-to-tls-excellence.pdf. SSLabs can only test the key size, and not F5's mitigation by way of regularly updating the ephemeral key.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Weak DH Keys solved by !DHE?

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites

Solving for true-source IP with global load balancers in Google Cloud

Copilot’s Weakness, DeepSeek Data exposed, Backdoor in Contec CMS8000 & Apple's Zero-Day

LogJams, DHE Parameters, and Other Obstacles to TLS Excellence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS