Forum Discussion

Nimbostratus

Apr 19, 2018

Weak DH Keys solved by !DHE?

Adding !DHE to the below F5 SSL profile cipher string (11.X & 12.X) resolved the below SSL Labs issue. DEFAULT:!LOW:!RC4:!MD5:!SHA1:!ADH:!DHE:!DES:!3DES:!EXP Resolved: Weak Diffie-Hellman (...

big-ip

security

Cumulonimbus

Apr 19, 2018

Please see https://devcentral.f5.com/questions/logjam-tls-vulnerability.

And DHE is not really an issue here, see: https://devcentral.f5.com/Portals/0/Cache/Pdfs/2807/logjams-dhe-parameters-and-other-obstacles-to-tls-excellence.pdf. SSLabs can only test the key size, and not F5's mitigation by way of regularly updating the ephemeral key.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Weak DH Keys solved by !DHE?

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

certitcate error

Layered ASM for APM login page protection

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Related Content

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites

Solving for true-source IP with global load balancers in Google Cloud

LogJams, DHE Parameters, and Other Obstacles to TLS Excellence

Copilot’s Weakness, DeepSeek Data exposed, Backdoor in Contec CMS8000 & Apple's Zero-Day

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS