Hey folks! Spoiler: very tricky question ahead!
On diffie-hellman negotiation (TLSv1.2 and TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher-suite to be more specific), the length of p (aka the size 1024/2048 bits) is dependent of just configuration or could the certificate issued influece it?
I ask this because I have two VS that share the same cipher-suites on the client-ssl profile but negotiate different sizes: one is 1024 and the other is 2048. And I read this K82014843 that BIG-IP is not supposed to use 2048 (as in it's not implemented) and to my surprised I'm getting 2048bits DH on my tests.
Any tips for me?
Solved! Go to Solution.
Hello Jaikumar! Thanks for the reply.
I will investigate it further. But will let you know.
Do you recommend any article/training that explain this? I wish to understand this type of thing better.