[Operators] ECDSA certs score F

Kim Alvefur zash at zash.se
Wed Aug 6 14:26:02 UTC 2014


On 2014-08-06 10:14, Dave Cridland wrote:
> Without an RSA cert at all, can a remote server with only RSA negotiate TLS?

Sure they can.  But here the only non-ECDSA ciphers offered are DHE
ones, so for another server to support incoming connections from
mqas.net they need to have DH parameters set up.  At least Prosody
requires the operator to generate and configure those themselves, so
there is no EDH out of the box, only ECDHE.

So I would recommend that the operator of mqas.net enable some ECDHE
ciphers if they want better interoperability.

--
Kim "Zash" Alvefur
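
The cipher-suite mismatch described in the message above, as an added example that is not part of the original post. The helper names `classify` and `usable` are hypothetical, and `OFFER` is a constructed list in OpenSSL TLS 1.2 naming that mirrors the described situation (ECDSA suites plus DHE ones), not mqas.net's actual offer.

```python
# Added example: which of an initiating server's offered suites can a
# receiving server select, given its certificate type and DH setup?

def classify(name):
    """Return (key_exchange, auth) for an OpenSSL TLS 1.2 suite name, or None."""
    if name.startswith("TLS_"):
        return None                       # TLS 1.3 names carry no kx/auth
    parts = name.split("-")
    if parts[0] == "ECDHE":
        return ("ECDHE", parts[1])
    if parts[0] in ("DHE", "EDH"):        # EDH is OpenSSL's older spelling
        return ("DHE", parts[1])
    if parts[0] in ("ADH", "AECDH", "DH", "ECDH", "PSK", "SRP"):
        return None                       # out of scope for this model
    return ("RSA", "RSA")                 # e.g. AES128-SHA: RSA key transport

def usable(offered, cert_type, has_dh_params, has_ecdhe=True):
    """Suites from `offered` that the receiver could select.

    cert_type: "RSA" or "ECDSA", the receiver's certificate key type.
    has_dh_params: receiver has DH parameters configured (needed for DHE).
    has_ecdhe: receiver's TLS stack supports ECDHE.
    """
    result = []
    for name in offered:
        kind = classify(name)
        if kind is None:
            continue
        kx, auth = kind
        if auth != cert_type:
            continue                      # suite needs a cert we do not have
        if kx == "DHE" and not has_dh_params:
            continue                      # no DH parameters, no DHE
        if kx == "ECDHE" and not has_ecdhe:
            continue
        result.append(name)
    return result

# Constructed offer: ECDSA suites plus DHE-RSA only, no ECDHE-RSA.
OFFER = [
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
]

if __name__ == "__main__":
    print("RSA cert, no DH params:", usable(OFFER, "RSA", False))
    print("RSA cert, DH params   :", usable(OFFER, "RSA", True))
    print("offer + ECDHE-RSA     :",
          usable(OFFER + ["ECDHE-RSA-AES128-GCM-SHA256"], "RSA", False))
```
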
