Security check for F5 URL

Question

Following issues related to F5 URL are observed at multiple places during security scan.&nbsp;
Critical : Insecure Transport: Insufficient Diffie Hellman Strength,  ID 80641927 : https://services-stg-oauth.cummins.com:443/atlasmobile/services?call=AtlasLogin-v3High: Insecure Transport: Weak SSL Protocol,  ID 80641930 : https://services-stg-oauth.cummins.com:443/atlasmobile/services?call=AtlasLogin-v3Medium: Insecure Deployment: OpenSSL , ID 80641928 : https://services-stg-oauth.cummins.com:443/atlasmobile/services?call=AtlasLogin-v3Medium: Insecure Transport: Weak SSL Protocol, ID 80641929 : https://services-stg-oauth.cummins.com:443/atlasmobile/services?call=AtlasLogin-v3
Also review the following SSL check that I ran on SSLLabs.com. Getting a B rating on the same :&nbsp;
https://www.ssllabs.com/ssltest/analyze.html?d=services-stg-oauth.cummins.com&nbsp;
Requesting you to look into this issue and let us know when it can be resolved.&nbsp;

michael_saleem · Answer

Hi,&nbsp;
The SSL labs report indicate you are using weak DH params (1024 bits)&nbsp;
I am assuming that you are terminating SSL on the F5 virtual server. To resolve this in the client SSL profile applied to the virtual server, disable DHE (but keep ECDHE enabled). It would also be a good idea to prioritise ECDHE so that it is at the top of the cipher suite preference order.&nbsp;

Forum Discussion

Security check for F5 URL

1 Reply

Recent Discussions

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Related Content

Using ChatGPT for security and introduction of AI security

ChatGPT and security - This Week in Security Feb 18th to Feb 25th, 2023

check may fail to detect Kaspersky Internet Security Anti-Virus

Avoiding Common iRules Security Pitfalls

My Security+ Certification Journey