[Operators] Key exchange score "C"

Thijs Alkemade thijs at xnyhps.nl
Wed Feb 18 11:07:36 UTC 2015


On 18 feb. 2015, at 11:55, Daniele Ricci <daniele.athome at gmail.com> wrote:

> Hello,
> I just tested my server:
> https://xmpp.net/result.php?id=123022
> 
> I can understand the cipher score, but why is the key exchange "C"? I
> can't see anything bad in the certificates section. Unless it's
> related to something else...
> 
> Thanks
> -- 
> Daniele

Hi Daniele,

You have a number of EXPORT ciphers enabled (EXP-EDH-RSA-DES-CBC-SHA,
EXP-RC4-MD5 and EXP-DES-CBC-SHA). These exist to comply with laws that forbid
exporting cryptographic software that uses asymmetric keys of more than 512
bits. They do this by creating a new, temporary 512-bit RSA key for the
handshake. That's absolutely not large enough to be secure anymore, so it
reduces the key exchange grade to C.

I hope this helps,
Thijs
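
An added example, not part of the original message: a small Python audit that takes an OpenSSL-style cipher list and reports the export-grade suites together with the key exchange each one implies. The function names and the sample cipher list are constructed for illustration; the suite names follow OpenSSL's "EXP-" naming as used in the reply above.

```python
import re

EXPORT_KEX_BITS = 512  # export-grade ceiling on the key-exchange key
EXPORT_SYM_BITS = 40   # export-grade ceiling on the symmetric key


def classify_export(name):
    """Return None for a non-export suite, else a finding dict.

    Assumes OpenSSL naming, where export suites carry the "EXP-" prefix.
    """
    if not name.startswith("EXP-"):
        return None
    rest = name[len("EXP-"):]
    if rest.startswith(("EDH-", "DHE-")):
        kex = "ephemeral DH"      # DH group limited to 512 bits
    elif rest.startswith("ADH-"):
        kex = "anonymous DH"      # 512-bit DH and no server authentication
    else:
        kex = "temporary RSA"     # 512-bit RSA key generated for the handshake
    return {"cipher": name, "kex": kex,
            "kex_bits": EXPORT_KEX_BITS, "sym_bits": EXPORT_SYM_BITS}


def audit(cipher_list):
    """Accept colon- or whitespace-separated cipher names; return export findings."""
    names = [n for n in re.split(r"[:\s]+", cipher_list.strip()) if n]
    return [f for f in (classify_export(n) for n in names) if f]


# Constructed sample: two non-export suites plus the three named in the reply.
SAMPLE = ("DHE-RSA-AES256-SHA:AES128-SHA:"
          "EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA")

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("%(cipher)-26s %(kex)-14s kex<=%(kex_bits)d sym=%(sym_bits)d" % f)
    # In an OpenSSL cipher string, appending ":!EXPORT" excludes these suites.
```
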