Forum Discussion
BAMcHenry (Ret. Employee)
Jul 07, 2015
Here's a bit more detail on why supporting DHE parameter lengths greater than 1024 is a non-trivial development effort, and ultimately doesn't return the value in security, given the alternatives: https://devcentral.f5.com/articles/logjams-dhe-parameters-and-other-obstacles-to-tls-excellence
Bear in mind that older clients not supporting DHE 2048 should support ECDHE as a PFS alternative of quality strength.