Last Modified: Apr 10, 2019
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 11.6.4
Opened: Jun 10, 2015
The "Single DH use" option in a Client SSL or Server SSL profile was ignored in some cases.
"Single DH use" was always effectively "on" for DHE-based ciphersuites in any Server SSL profile. It had no effect for ECDHE ciphersuites in any SSL profile, or for DHE ciphersuites in any Client SSL profile.

The main benefit of "Single DH use" is to provide true/ultimate perfect forward secrecy. The aim of such a high security posture is to be able to claim that no encryption key resides in memory on BIG-IP beyond a single TLS session. This posture also requires disabling TLS session reuse and TLS session tickets, and matching behaviour from any TLS client. The fix primarily addresses these high security needs.

DHE ciphersuites on BIG-IP use periodically re-generated custom DHE groups in any SSL profile. The use of custom DHE groups implies that the massive pre-computation needed to efficiently solve the DH discrete logarithm problem (DH DLP) is only helpful for the lifetime of a given DHE group. Provided that the DH DLP is easy, "Single DH use" doesn't materially slow down DLP attacks. ECDHE groups provide sufficient security today, making the ECDHE DLP infeasible. Please refer to the 2015 Logjam attack for background.
"Single DH use" is set in a Client SSL or Server SSL profile.
The "Single DH use" option in Client SSL or Server SSL profiles now works for all configurations except high availability configurations.
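
One way to check from the outside whether single DH use is in effect is to compare the server's ephemeral DH public value across captured handshakes. The following is an added example, not F5 code: the function names are hypothetical, the sample messages are constructed with a toy group, and it assumes the ServerDHParams bytes of each ServerKeyExchange have already been extracted from a capture.

```python
import struct
from collections import Counter

def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys,
    each a big-endian integer behind a 2-byte length. The signature
    that follows in a real ServerKeyExchange is left unparsed."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(values)

def reused_server_keys(bodies):
    """Return the (p, g, Ys) triples seen in more than one handshake.
    A non-empty result means the server kept its DH private key
    across handshakes, i.e. single DH use was not in effect."""
    seen = Counter(parse_server_dh_params(b) for b in bodies)
    return sorted(k for k, count in seen.items() if count > 1)

def _encode(p, g, ys):
    # Helper that builds the constructed samples below (not part of the check).
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample data: toy 127-bit group, far too small for real use.
P, G, X = 2**127 - 1, 3, 0x1234567
REUSED = [_encode(P, G, pow(G, X, P)) for _ in range(3)]     # same private key
FRESH = [_encode(P, G, pow(G, X + i, P)) for i in range(3)]  # new key each time

if __name__ == "__main__":
    print("reused key:", len(reused_server_keys(REUSED)), "repeated triple(s)")
    print("fresh keys:", len(reused_server_keys(FRESH)), "repeated triple(s)")
```

Because BIG-IP regenerates its custom DHE groups periodically, the comparison is on the whole (p, g, Ys) triple rather than on Ys alone.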