Hello, I have a problem with an SSL validator at https://validator.w3.org/feed/
https://validator.w3.org/feed/ Error (Server returned [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:727))
SSL Labs rating: B
SSL Labs rating: F (SSL Labs recommends removing RSA)
Version: BIG-IP 11.6.0 Build 5.0.429 Hotfix HF5
Any ideas what may be happening?
The Client SSL profile may be vulnerable to a Bleichenbacher attack against RSA, which, when exploited, may result in plaintext recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. In order to correct this, you need to disable the !RSA algorithm from the cipher list.
It will help you increase the SSL rating. I would suggest adding the cipher below to the client SSL profile (try it in a non-prod application).
Hope it will help you.
Reference link: https://support.f5.com/csp/article/K21905460
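To confirm both findings from the thread against your own virtual server before and after changing the cipher list, here is an added example (not part of the original posts) that repeats the kind of handshake the validator's Python client made. It assumes Python 3.7+ and uses OpenSSL cipher selectors on the probing client, which are not BIG-IP cipher-string syntax; `PROBES`, `classify_error` and `probe` are names made up for this sketch.

```python
import socket
import ssl
import sys

# OpenSSL selectors for the probing client (assumption: not BIG-IP syntax).
PROBES = {
    "static RSA key exchange (ROBOT surface)": "kRSA",
    "finite-field DHE (DH parameter size)": "kDHE",
}


def classify_error(message):
    """Map an ssl.SSLError message to a short finding."""
    text = message.upper()
    if "DH_KEY_TOO_SMALL" in text:
        # Same condition the feed validator reported in the question.
        return "DH parameters too small for this client"
    if "HANDSHAKE_FAILURE" in text or "NO_SHARED_CIPHER" in text:
        return "not offered by server"
    return "other TLS error: " + message


def probe(host, port, selector, timeout=5.0):
    """Offer only the ciphers matched by `selector` and report the outcome."""
    ctx = ssl.create_default_context()
    # TLS 1.3 suites ignore set_ciphers(), so cap the handshake at TLS 1.2.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(selector)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "accepted: " + tls.cipher()[0]
    except ssl.SSLError as exc:
        return classify_error(str(exc))


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <your-own-host> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for label, selector in PROBES.items():
        print(f"{label}: {probe(sys.argv[1], port, selector)}")
```

After RSA key exchange is removed from the profile, the first probe should report "not offered by server"; the second shows whether a current OpenSSL client still rejects the DH parameters.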