
Issue: SSL Labs report shows ECDH public server param reuse YES

Description

When you run an SSL Labs report against your proxy, the report shows "ECDH public server param reuse" as "Yes".

 

 

Environment

  • Silverline DDoS
  • Silverline WAF
  • Proxy/Proxies

 

Cause

Ephemeral Diffie-Hellman (DHE, ECDHE) allows key reuse. Key reuse can allow small subgroup attacks when the DH parameters are not generated using strong primes (e.g. DSA parameters). If strong primes are used, it is not strictly necessary to generate a new DH key during each handshake, but we do recommend this.

 

Resolution

Enable 'single-dh-use' option in SSL Profile Advanced Settings.
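
One way to check for the reuse the report describes, before and after changing the setting, is to compare the server's ECDHE public value across several TLS 1.2 handshakes. The following is an added example, not part of the original article or the vendor's tooling: it assumes the ServerKeyExchange handshake messages have already been extracted from captures of separate connections, and the function names and sample bytes are constructed for illustration.

```python
from collections import Counter

SERVER_KEY_EXCHANGE = 12   # TLS handshake message type
NAMED_CURVE = 3            # ECCurveType.named_curve (RFC 8422)

def ecdhe_public(handshake_msg):
    """Return (named_group, public_point) from a TLS 1.2 ECDHE ServerKeyExchange."""
    if len(handshake_msg) < 4:
        raise ValueError("truncated handshake header")
    msg_type = handshake_msg[0]
    length = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + length]
    if msg_type != SERVER_KEY_EXCHANGE or len(body) != length:
        raise ValueError("not a complete ServerKeyExchange")
    if len(body) < 4 or body[0] != NAMED_CURVE:
        raise ValueError("not ECDHE named-curve parameters")
    group = int.from_bytes(body[1:3], "big")
    plen = body[3]
    point = body[4:4 + plen]          # the signature follows and is ignored here
    if plen == 0 or len(point) != plen:
        raise ValueError("truncated public point")
    return group, point

def reused_params(handshake_msgs):
    """List every (group, point) that appears in more than one handshake."""
    counts = Counter(ecdhe_public(m) for m in handshake_msgs)
    return [key for key, n in counts.items() if n > 1]

def _ske(group, point, sig=b"\x04\x01\x00\x02\xaa\xbb"):
    """Build a constructed ServerKeyExchange with a dummy signature (demo only)."""
    body = (bytes([NAMED_CURVE]) + group.to_bytes(2, "big")
            + bytes([len(point)]) + point + sig)
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

# Constructed sample data, not real keys. Group 23 is secp256r1.
P1 = b"\x04" + bytes(range(64))
P2 = b"\x04" + bytes(range(64, 128))
P3 = b"\x04" + bytes(64)
BEFORE = [_ske(23, P1), _ske(23, P1), _ske(23, P1)]  # same point every handshake
AFTER = [_ske(23, P1), _ske(23, P2), _ske(23, P3)]   # fresh point every handshake

if __name__ == "__main__":
    print("reuse before change:", bool(reused_params(BEFORE)))
    print("reuse after change: ", bool(reused_params(AFTER)))
```

An empty result from `reused_params` over a handful of handshakes corresponds to the report no longer showing reuse.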


 
