Olivier BOËL

Grade capped to "B" due to weak DH parameter

Discussion created by Olivier BOËL on Oct 16, 2019
Latest reply on Oct 16, 2019 by Keith Shaw



Ssltest reports "This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B".

Certificate is backed by BigIP F5, which is limited to 1024 DH primes but is not subject to the threat as it implements a rotation of the primes (see DevCentral).
Could you please consider look at the primes or test the implementation of the 1024bit DH primes to ensure they're not the "known" primes?