[Operators] Key exchange score "C"
Thijs Alkemade
thijs at xnyhps.nl
Wed Feb 18 11:07:36 UTC 2015
On 18 feb. 2015, at 11:55, Daniele Ricci <daniele.athome at gmail.com> wrote:
> Hello,
> I just tested my server:
> https://xmpp.net/result.php?id=123022
>
> I can understand the cipher score, but why the key exchange is "C"? I
> can't see anything bad in the certificates section. Unless it's
> related to something else...
>
> Thanks
> --
> Daniele
Hi Daniele,
You have a number of EXPORT ciphers enabled (EXP-EDH-RSA-DES-CBC-SHA, EXP-
RC4-MD5 and EXP-DES-CBC-SHA). These exist to comply with laws that forbid
exporting cryptographic software that uses asymmetric keys of more than 512
bits. They do this by creating a new, temporary 512 bit RSA key for the
handshake. That's absolutely not large enough to be secure anymore, so it
reduces the key exchange grade to C.
I hope this helps,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150218/7d5c50b2/attachment.sig>
More information about the Operators
mailing list