Remediating Logjam: an iRule Countermeasure
#SSL #LOGJAM
Professor Matthew Green of Johns Hopkins announced a weakness in the SSL Protocol and has given it the name Logjam (see weakdh.org). With Logjam, a malicious attacker can get access to...
Published May 23, 2015
Version 1.0
David_Holmes_12
Historic F5 Account
Joined December 19, 2012
Chase_Abbott
May 27, 2015
Employee
@EvanH;
Building on brainhub's response, the NATIVE cipher suites are version and hardware/software dependent. We're expecting the BigIP admin to have this knowledge in hand when referencing the topic. Our F5-validated and official support stances can all be found at support.f5.com. In this case, the NATIVE suites for different TMOS versions can be found here:
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html
You can also create custom cipher "lists" for the SSL profiles and then assign them to new templates; this is also available via the support web site. Here's a good starting point for all things SSL:
https://support.f5.com/kb/en-us/solutions/public/8000/800/sol8802.html
Regarding the lack of data related to DH above 1024, I've asked F5 internal to review the LTM Support for higher-bit DH keys (I was in that thread) because I think the denial for support mentioned at the bottom was misleading. However, anything official to F5 support will be on the support site. The DC team will republish anything related to this just to ensure audience awareness and publish back to that original article too. Hope this helps answer a few of your questions.
*this does not save formatting well, I'll have that fixed!*