[Operators] Key exchange score "C"
thijs at xnyhps.nl
Wed Feb 18 11:07:36 UTC 2015
On 18 feb. 2015, at 11:55, Daniele Ricci <daniele.athome at gmail.com> wrote:
> I just tested my server:
> I can understand the cipher score, but why the key exchange is "C"? I
> can't see anything bad in the certificates section. Unless it's
> related to something else...
You have a number of EXPORT ciphers enabled (EXP-EDH-RSA-DES-CBC-SHA, EXP-
RC4-MD5 and EXP-DES-CBC-SHA). These exist to comply with laws that forbid
exporting cryptographic software that uses asymmetric keys of more than 512
bits. They do this by creating a new, temporary 512 bit RSA key for the
handshake. That's absolutely not large enough to be secure anymore, so it
reduces the key exchange grade to C.
I hope this helps,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Operators