SSL length key

Question

Hi,a client is trying to reach a VS on BIG-IP system with a SSL key.That key is regularly trusted on the load balancer and its CA root and intermediate too, ma load balancer refused the communication. The response, captured via network trace, is only "handshake failure".Now, that SSL key has a&nbsp;size of 8192, and at this link:&nbsp;https://my.f5.com/manage/s/article/K01474701&nbsp;I can see that only&nbsp;4096 or 2048 are supported.Anyone knows a workaround for this issue?Thanks a lot

paulius · Accepted Answer

romolo82 This is a hard restriction from my understanding and that's a fairly recent article update so I do not see this being supported in the near future. I would even try not to use 4096 keys because I believe that still reduces your SSL transactions by half compared to 2048 keys.

whisperer · Answer

Use 2048 keys.If something more exotic is needed... pass it through and have the backend server check/verify instead.&nbsp;

romolo82 · Answer

Unfortunately it's a company's policy have SSL termination on the LB... I believe that using 2048 key is the only possibility.

Forum Discussion

SSL length key

3 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Securing SSL Keys on your BIG-IP

NGINXaaS for Azure: Azure Key Vault

extract LTM VS ssl profile binding cert and key information to generate a json with python f5-sdk

Re: Automate import of SSL Certificate, Key & CRL from BIG-IP to BIG-IQ

Character Length for Object Names