Forum Discussion

saidshow_251381
Jul 26, 2016

DHE 1024 bits Vulnerability Solved?

Hi Guys,

 

I have 3 volumes on my Lab F5:
- 11.6.0
- 11.6.0 with HotFix 6
- 12.1.0 with HotFix 1

 

I booted into the 11.6.0 with HotFix 6 volume and performed an sslscan on the device and noted the DHE 1024 bits vulnerability many have already commented on in DevCentral. I then booted into the volume running Ver 12.1 with HotFix 1 and performed the same scan and noted that DHE 1024 bits was no longer an issue. See below:

 

I have been looking around to try and find some documentation around the DHE 1024 bits vulnerability now being resolved in this latest version; however, I cannot find any document to support what I see in my scans. I'm going to install another volume running 12.0 to try and narrow down in which version or hotfix this change took place. If anyone knows where this change took place or can point me to the documentation, that would be great. We are looking at upgrading from 11.6 HF6 to 12.1 HF1 in our production environment.

 

5 Replies

  • Are you talking about weak DH / Logjam here? A screenshot of the before situation would be nice to compare against.

     

    The SOL about it mentions that with the default config the BIG-IP isn't vulnerable: http://support.f5.com/kb/en-us/solutions/public/16000/600/sol16674.html

     

    Did the upgrade perhaps change cipher strings?

     

  • What DHE vulnerability are you specifically talking about? The one Boneyard is talking about would only apply if you allow EXPORT ciphers. v12 is not vulnerable in this case because all of the COMPAT ciphers have been removed.

     

  • Hi,

     

    Are you talking about a scan on SSL Labs that shows you that a weak cipher is used?

     

  • Hi Everyone, thanks for your fast replies. Apologies for my delayed response. What I am referring to is best referenced here: https://devcentral.f5.com/questions/dhe-key-exchange-why-is-ephemeral-key-only-1024bit-long Below I have included sslscans on 2 volumes on my lab. The first shows the volume running BIG-IP Ver 11.6 with HF6 installed. The second shows a volume with BIG-IP Ver 12.1 with HF1 installed. Both volumes are the standard setup without alteration of any ciphers on my part.

     

    On the first volume (11.6 + HF6) we see the 'DHE 1024bits' while in the second (12.1 + HF1) this is replaced with 'Curve P-256 DHE 256'.

     

    The reason for my interest on this is that DHE 1024 was identified by a third party in our environment on the F5s as something to address. None of our apps support DHE ciphers.

     

    VOLUME WITH 11.6 HF6:

     

     

    VOLUME WITH 12.1 HF1:

     

     

  • The short answer is yes and no.

     

    F5 hasn't added support for 2048-bit DHE primes yet, so any sslscan or SSLLabs scan will downgrade your results because of what it believes is "weak DH".

     

    However, if you understand the concepts behind "weak DH" and how such an exploit might occur, and also take into consideration that the F5 platform automatically rotates its 1024-bit primes often, the threats associated with weak DH are minimized.

     

    If you just need to get an A+, then as of 12.1 and below you need to remove DHE from your cipher stack.
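As an added example, not part of this thread or of any F5 tooling: a small Python triage script that parses sslscan output lines in the format the posts quote ("DHE 1024 bits" for finite-field DHE, "Curve P-256 DHE 256" for ECDHE) and flags every suite whose DH group is under 2048 bits, which is the finding the OP's third party raised. The sample scan output below is constructed for the example (it mixes 1024-bit and 2048-bit DHE lines to show the threshold; the 11.6 box in the thread only showed 1024-bit ones), and the `DEFAULT:!DHE` cipher string it suggests is my reading of the last reply's advice to remove DHE from the cipher stack, written in the OpenSSL-style syntax BIG-IP cipher strings use.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# sslscan prints one line per accepted suite; the trailing field describes the
# ephemeral key exchange: a finite-field DH group size, or an ECDH curve whose
# bit length sslscan also labels "DHE".
LINE_RE = re.compile(
    r"^\s*(?P<status>Accepted|Preferred)\s+(?P<proto>\S+)\s+(?P<bits>\d+)\s+bits\s+"
    r"(?P<suite>\S+)\s*(?P<kx>.*?)\s*$"
)
FFDH_RE = re.compile(r"^DHE\s+(?P<bits>\d+)\s+bits$")
ECDH_RE = re.compile(r"^Curve\s+(?P<curve>\S+)\s+DHE\s+(?P<bits>\d+)$")

# Group size below which scanners such as sslscan and SSL Labs grade DH as weak.
MIN_FFDH_BITS = 2048

# Constructed sample in sslscan's format (not a real capture from the thread).
SAMPLE_SCAN = """
Supported Server Cipher(s):
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
"""


@dataclass
class Suite:
    proto: str
    suite: str
    kx: str                 # "DHE" (finite field), "ECDHE", or "static" (RSA key transport)
    kx_bits: Optional[int]  # DH group size or curve size; None for static RSA
    weak_dh: bool           # True only for finite-field DHE below MIN_FFDH_BITS


def parse_line(line: str) -> Optional[Suite]:
    """Parse one sslscan result line; return None for headers and blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    proto, suite, kx_text = m.group("proto"), m.group("suite"), m.group("kx")
    ff = FFDH_RE.match(kx_text)
    if ff:
        bits = int(ff.group("bits"))
        return Suite(proto, suite, "DHE", bits, bits < MIN_FFDH_BITS)
    ec = ECDH_RE.match(kx_text)
    if ec:
        # ECDHE over a named curve: not the Logjam-style finite-field problem.
        return Suite(proto, suite, "ECDHE", int(ec.group("bits")), False)
    # No key-exchange field at all: static RSA key transport, no forward secrecy.
    return Suite(proto, suite, "static", None, False)


def parse_scan(text: str) -> List[Suite]:
    return [s for s in (parse_line(line) for line in text.splitlines()) if s]


def weak_dh_suites(text: str) -> List[str]:
    """Names of the suites a scanner would flag as weak DH, in scan order."""
    return [s.suite for s in parse_scan(text) if s.weak_dh]


def recommended_cipher_string(text: str) -> str:
    """Follow the last reply's advice: if any finite-field DHE suite came back
    with a weak group, drop the DHE family from the profile's cipher string.
    The string syntax is assumed to be BIG-IP's OpenSSL-style cipher syntax."""
    return "DEFAULT:!DHE" if weak_dh_suites(text) else "DEFAULT"


if __name__ == "__main__":
    for s in parse_scan(SAMPLE_SCAN):
        flag = "WEAK DH" if s.weak_dh else "ok"
        print(f"{s.proto:8} {s.suite:32} {s.kx:6} {str(s.kx_bits):5} {flag}")
    print("weak:", weak_dh_suites(SAMPLE_SCAN))
    print("suggested cipher string:", recommended_cipher_string(SAMPLE_SCAN))
```

Run it against a real `sslscan host:443` capture by piping the output into `parse_scan`. On the BIG-IP itself, `tmm --clientciphers 'DEFAULT:!DHE'` expands a candidate cipher string to the suites it would actually select, which is the quickest way to confirm the DHE suites are gone before touching the client-ssl profile; the ECDHE suites the 12.1 scan showed ("Curve P-256 DHE 256") are untouched by that exclusion.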