Tom_K
Jan 16, 2020 Nimbostratus
TLS 1.3 on BIG-IP 14.1.2.3
I have enabled TLS 1.3 on BIG-IP version 14.1.2.3, and when I run the test for the site at SSL Labs, the best grade I can get is a "B" with this message:
"This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B"
However, when I disable TLS 1.3, I get an "A+" grade.
Any thoughts or suggestions, or has anyone been able to get an "A" grade after enabling TLS 1.3?
I have tried about a half dozen different cipher strings without success.
I am not sure what to use for DH groups or signature algorithms.
Setup is much different for TLS 1.3.
My cipher string pre-TLS 1.3 is @STRENGTH:!TLSv1:!3DES:ECDHE:!DHE:DEFAULT
which gets me an "A" grade at SSL Labs for all of my sites.