[Operators] ECDSA certs score F

Dave Cridland dave at cridland.net
Wed Aug 6 08:14:04 UTC 2014


Without an RSA cert at all, can a remote server with only RSA negotiate TLS?


On 5 August 2014 19:30, shmick at riseup.net <shmick at riseup.net> wrote:

> ?
>
> shmick at riseup.net wrote:
> >
> > hi,
> >
> > i was testing an xmpp server and i believe it's wrong to reduce the
> > score because of the cert which is reported < 1024 bits
> >
> > i think the testing backend only assumes an RSA cert, is that right ?
> >
> > the server i tested is using a cert in a pure ECC chain with ECDSA 384
> > and not a standard RSA cert
> >
> > can you re-configure the xmpp tester to recognise ecdsa certs as not
> > being low quality and grading the score to F ?
> >
> > see
> >
> > https://xmpp.net/result.php?id=46868
> > https://xmpp.net/result.php?id=46871
> >
> > the TLSA records didn't seem to be detected either
> >
> > i don't know what's up with the s2s though
> >
> >
> >
>