Disable DHE Ciphers - SSL Parent Profile
I'm currently running 11.6.0 on most of my devices and am looking to upgrade passed version 12.0 in the near future. Looking at the iHealth Upgrade Advisor, I need to disable DHE ciphers on all of my Server SSL Profiles before upgrading. I added DEFAULT:!EXPORT:!DHE to one of my Server SSL Profiles and it is no longer getting flagged in iHealth. Can I add that string to the Server SSL parent profile, or do I have to add that to each profile individually? Will updating the parent profile have any adverse effects on my other profiles, or would the Cipher settings be the only thing that changes?
DHE 1024 bits Vulnerability Solved?
Hi Guys, I have 3 volumes on my Lab F5. - 11.6.0 - 11.6.0 with HotFix 6 - 12.1.0 with HotFix 1 I booted in to the 11.6.0 with HotFix 6 volume and performed an sslscan on the device and noted the DHE 1024 bits vulnerability many have already commented on in DevCentral. I then booted in to the volume running Ver 12.1 with HotFix 1 and performed the same scan and noted the DHE 1024 bits was no longer an issue. See below: I have been looking around to try and find some documentation around the DHE 1024 bits vulnerability now being resolved in this latest version however I cannot find any document to support what I see in my scans. I'm going to install another volume running 12.0 to try and narrow down where what version or hotfix this change took place. If anyone knows where this change took place or can point me to the documentation that would be great. We are looking at upgrading from 11.6 HF6 to 12.1 HF1 in our production environment.
