LogJams, DHE Parameters, and Other Obstacles to TLS Excellence
Published Jul 07, 2015
Version 1.0
James, DH parameter rotation has been on by default since F5 first implemented DHE ciphers (in TMOS v11.4.0). The rotation occurs every hour, though this fact is not publicly documented, as far as I can tell.
The Single DH option is also available in the client SSL profile. Single DH forces the generation of a new parameter on a per-handshake basis. This does incur a non-trivial amount of additional processing overhead, but can be useful in very high security environments.
Hope this helps.