For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Patrick_Chang_7's avatar
Patrick_Chang_7
Historic F5 Account
Apr 08, 2009

What is max length of SSL key we can use on LTM?

Can I use an SSL Cert with a 4096 bit long key? If not, what needs to be adjusted to make this work? Thanks.
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 20, 2009
Hi Steve,

 

 

Apparently for client or server SSL, you can use certs/keys larger than 2048 bits if you use software SSL decryption:

 

 

 

From case C564817:

 

You can specify a cipher string of "DEFAULT:!NATIVE" and the "!NATIVE" will rule out using the acceleration card and just use software.

 

 

 

 

This is also noted in SOL10580:

 

 

SOL10580: The SSL key size is limited when using hardware acceleration

 

https://support.f5.com/kb/en-us/solutions/public/10000/500/sol10580.html

 

 

If you open a case with F5 you can ask to have your request added to CR124105.

 

 

Aaron