
Problem ssl validation

leonardo
Nimbostratus

Hello, I have a problem with an SSL validator, at https://validator.w3.org/feed/

Ciphers: DEFAULT:!RSA

https://validator.w3.org/feed/ Error (Server returned [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:727)

SSL Labs grade: B

Removing :!RSA

Ciphers: DEFAULT:!LOW:!RC4:!MD5:!SHA1:!ADH:!DHE:!DES:!3DES:!EXP

https://validator.w3.org/feed/ ok

SSL Labs grade: F (SSL Labs recommends removing RSA)

This server is vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) vulnerability. Grade set to F.

BIG-IP SSL vulnerability

Version: BIG-IP 11.6.0 Build 5.0.429 Hotfix HF5

Any ideas what may be happening?

Thanks

1 REPLY

Samir
Nacreous

Client SSL profile may be vulnerable to a Bleichenbacher attack against RSA which, when exploited, may result in plaintext recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. In order to correct this you need to disable the !RSA algorithm from the cipher list.

It will help you to increase the SSL rating. I would suggest adding the cipher below to the client SSL profile (try it in a non-prod application)

DEFAULT:ECDHE:!RSA:!DHE:!3DES

Hope it will help you.

Reference link: https://support.f5.com/csp/article/K21905460
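
Added example (not part of the thread and not F5 tooling): a Python check that groups OpenSSL-style cipher suite names by key exchange, separating static-RSA suites (the ROBOT finding) from DHE suites (where a small server DH key makes strict clients fail with DH_KEY_TOO_SMALL) and from ECDHE suites. The suite lists are constructed samples, not the real expansion of any BIG-IP cipher string, and the name-prefix rules are a heuristic assumption.

```python
# Added example: group OpenSSL-style cipher suite names by key exchange.
# SAMPLES are constructed lists, not the expansion of any BIG-IP cipher string.

def key_exchange(suite):
    """Infer the key exchange family from a suite name (prefix heuristic)."""
    name = suite.strip().upper()
    if name.startswith("EXP-"):              # export variants follow the same prefix rules
        name = name[4:]
    if name.startswith("TLS_"):              # TLS 1.3 names, always ephemeral
        return "TLS1.3"
    if name.startswith(("ADH-", "AECDH-")):  # anonymous, unauthenticated
        return "ANON"
    if name.startswith("ECDHE-"):
        return "ECDHE"
    if name.startswith(("DHE-", "EDH-")):
        return "DHE"
    if name.startswith(("ECDH-", "DH-", "PSK-", "SRP-", "KRB5-")):
        return "OTHER"
    return "RSA"                             # no prefix, e.g. AES128-SHA: static RSA


def audit(suites):
    """Sort suites into the two problems from the thread plus the ECDHE remainder."""
    report = {"robot_static_rsa": [], "dh_key_size": [], "ecdhe": []}
    bucket = {"RSA": "robot_static_rsa", "DHE": "dh_key_size", "ECDHE": "ecdhe"}
    for suite in suites:
        kx = key_exchange(suite)
        if kx in bucket:
            report[bucket[kx]].append(suite)
    return report


SAMPLES = {
    "RSA removed, DHE kept": ["ECDHE-RSA-AES128-GCM-SHA256",
                              "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA"],
    "DHE removed, RSA kept": ["ECDHE-RSA-AES128-GCM-SHA256",
                              "AES128-GCM-SHA256", "AES256-SHA256"],
    "RSA and DHE removed":   ["ECDHE-RSA-AES128-GCM-SHA256",
                              "ECDHE-RSA-AES256-SHA384"],
}

if __name__ == "__main__":
    for label, suites in SAMPLES.items():
        r = audit(suites)
        print(f"{label}: static RSA={r['robot_static_rsa']} DHE={r['dh_key_size']}")
```

Feed it the suite names your own profile actually offers; a list with nothing in either the static-RSA or DHE group avoids both symptoms described in the question.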