What is max length of SSL key we can use on LTM?

Question

Can I use an SSL Cert with a 4096 bit long key?  If not, what needs to be adjusted to make this work?  Thanks.

steve_87232 · Answer

Anyone have an update on this? Does 10.x support 4096? I can't seem to verify the answer.

hooleylist · Answer

Hi Steve, 
&nbsp;  
&nbsp; Apparently for client or server SSL, you can use certs/keys larger than 2048 bits if you use software SSL decryption:  
&nbsp;  
&nbsp;   
&nbsp; From case C564817:  
&nbsp; You can specify a cipher string of "DEFAULT:!NATIVE" and the "!NATIVE" will rule out using the acceleration card and just use software.  
&nbsp; &nbsp;  
&nbsp;  
&nbsp; This is also noted in SOL10580: 
&nbsp;  
&nbsp; SOL10580: The SSL key size is limited when using hardware acceleration   
&nbsp; https://support.f5.com/kb/en-us/solutions/public/10000/500/sol10580.html 
&nbsp;  
&nbsp; If you open a case with F5 you can ask to have your request added to CR124105.  
&nbsp;  
&nbsp; Aaron

Forum Discussion

What is max length of SSL key we can use on LTM?

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

SSL length key

Arabic Blackboard F5 series [LTM Idea] باللغة العربية

Variable Length URI Lookup

Virtual Server graphical App for F5 LTM

Monitor LTM policy