Problem ssl validation

Question

hello, I have a problem with an ssl validator, in https://validator.w3.org/feed/

Ciphers: DEFAULT:!RSA

https://validator.w3.org/feed/ Error (Server returned [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:727)

sslabs Calification B

removing :!RSA

Ciphers: DEFAULT:!LOW:!RC4:!MD5:!SHA1:!ADH:!DHE:!DES:!3DES:!EXP

https://validator.w3.org/feed/ ok

sslabs Calification F (sslab recommend removing RSA)

This server is vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) vulnerability. Grade set to F. MORE INFO »

BIG-IP SSL vulnerability

version. BIG-IP 11.6.0 Build 5.0.429 Hotfix HF5

Any ideas, what may be happening?

thanks

samir · Answer

Client SSL profile may be vulnerable to an Bleichenbacher attack against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. Inorder to correct you need to disable !RSA algorithm from cipher list.

It will help you to increase the ssl rating. I would suggest to add below cipher in client ssl profile( try in non prod application)

DEFAULT:ECDHE:!RSA:!DHE:!3DES

Hope it will help you.

Referenc link https://support.f5.com/csp/article/K21905460

Forum Discussion

Problem ssl validation

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

Implementing SSL Orchestrator - Validation & Troubleshooting

iRule to accept client then SSL cert validation

APM Customization: Password Change Validation

Update Template Validity

Source_Addr Persistence Problems