Is there a way on F5 to disable rsa_pss* signature algorithms?

Question

I am having an issue with SSL decryption on my Palo Alto firewall in front of F5. It works with Internet Explorer, but not Firefox or Chrome. According to Palo Alto TAC, the issue is certain signature algorithms - see https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMR7CAO

jaikumar_f5 · Answer

Yes this is doable from what I've learnt from articles. For this your Bigip needs to be on 14.x or above.

Beginning in 14.x you have the option to use Cipher Rule, where you can specify the list of signature algorithm for negotiation's.

Other than that, I dont see a method to achieve this.

Forum Discussion

Is there a way on F5 to disable rsa_pss* signature algorithms?

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Add ssh-rsa to 17.1.1 host key algorithm

TCP Nagle Algorithm

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Intro to Load Balancing for Developers – The Algorithms