Tag Archives: Cipher Suite

F5 SSL Profile: “Single DH use” not working?

2015-05-28Crypto, F5 Networks, TLSCipher Suite, Diffie-Hellman, F5, Logjam, OpenSSL, Perfect Forward Secrecy, PFS, Prime, Public Key, TLS, tsharkJohannes Weber

In the paper of the Logjam attack, a sentence about the F5 load balancers confused me a bit: “The F5 BIG-IP load balancers and hardware TLS frontends will reuse $g^{b}$ unless the “Single DH” option is checked.” This sounds like “it does NOT use a fresh/ephemeral diffie-hellman key for new connections”. I always believed, that when a cipher suite with EDH/DHE is chosen, the diffie-hellman key exchange always generates a new $b$ for computing $g^{b}$ . Hm.

Therefore, I tested this “Single DH use” option on my lab F5 unit, in order to find out whether the same public key (as noted in Wireshark) is used for more than one session.

Continue reading F5 SSL Profile: “Single DH use” not working? →

Apache SSL Cipher Suites: Perfect Forward Secrecy

2014-10-21Crypto, Memorandum, TLSApache, Cipher Suite, Crypto, Diffie-Hellman, OpenSSL, outdated, Perfect Forward Secrecy, Qualys SSL Labs, TLSJohannes Weber

I was interested to tune my https sites with Apache to support only cipher suites that use the ephemeral Diffie-Hellman key exchange = perfect forward secrecy. But after searching a while through the Internet, only SSLCipherSuite with a few concrete algorithms were presented, while I wanted to use a more generic option such as known from “!MD5”. Here it is:

Continue reading Apache SSL Cipher Suites: Perfect Forward Secrecy →

Weberblog.net

IT-Security, Networks, IPv6, VPN, DNSSEC, NTP

Tag Archives: Cipher Suite

F5 SSL Profile: “Single DH use” not working?

Apache SSL Cipher Suites: Perfect Forward Secrecy