Forum Discussion

Nimbostratus

Jun 24, 2014

Disable Supported Elliptic Curves Extension from server

Hi, We see that our F5 load balancer running BIG-IP 11.5.1 Build 2.0.121 Hotfix HF2, is sending the extension for "elliptic curves" (id=10). For example, this is an extract from a debug using the c...

management

security

afedden_1985

Cirrus

Jun 25, 2014

I got some info on this, you can build a new client ssl profile and under advanced for cipher add an exclude to exclude the ECDHE ciphers In my 11.2 box it looks like this DEFAULT:!ADH:!EXPORT40:!EXP:!LOW:!ECDHE I added :!ECDHE That should explude the ECDHE ciphers. then apply the profile to your VIP or I guess if you wanted you could do that to your existing client ssl profile

Forum Discussion

Disable Supported Elliptic Curves Extension from server

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

F5 CIS, TLS Extensions, and troubleshooting

Supporting Elliptic Curve Cryptography

Support and Help for DevCentral and Offline Contact

Lightboard Lessons: Elliptic Curve Cryptography

Securing Applications using mTLS Supported by F5 Distributed Cloud