[Operators] Operators Digest, Vol 83, Issue 5

Daniele Ricci daniele.athome at gmail.com
Wed Feb 18 13:09:17 UTC 2015


Thanks, I'll do some tests with Tigase hardened mode tonight and
re-run the check.

On Wed, Feb 18, 2015 at 1:00 PM,  <operators-request at xmpp.org> wrote:
> On 18 feb. 2015, at 11:55, Daniele Ricci <daniele.athome at gmail.com> wrote:
>
>> Hello,
>> I just tested my server:
>> https://xmpp.net/result.php?id=123022
>>
>> I can understand the cipher score, but why is the key exchange "C"? I
>> can't see anything bad in the certificates section. Unless it's
>> related to something else...
>>
>> Thanks
>> --
>> Daniele
>
> Hi Daniele,
>
> You have a number of EXPORT ciphers enabled (EXP-EDH-RSA-DES-CBC-SHA,
> EXP-RC4-MD5 and EXP-DES-CBC-SHA). These exist to comply with laws that forbid
> exporting cryptographic software that uses asymmetric keys of more than 512
> bits. They do this by creating a new, temporary 512 bit RSA key for the
> handshake. That's absolutely not large enough to be secure anymore, so it
> reduces the key exchange grade to C.
>
> I hope this helps,
> Thijs




-- 
Daniele
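
An added example, not part of the thread and not xmpp.net's scanner code: one way to pick the export-grade suites discussed above out of a cipher listing. It assumes the column layout printed by `openssl ciphers -v` on OpenSSL 1.0.x; the sample listing is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the `openssl ciphers -v` column layout (OpenSSL 1.0.x,
# which still shipped export suites). The three EXP-* names are from the thread.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
"""

# Matches fields such as Kx=RSA(512) or Mac=AEAD; the bit size is optional.
FIELD = re.compile(r"(Kx|Au|Enc|Mac)=([A-Za-z0-9/]+)(?:\((\d+)\))?")


def parse_line(line):
    """Parse one listing line into a dict, or return None if it is not one."""
    parts = line.split()
    if len(parts) < 6:
        return None
    suite = {"name": parts[0], "protocol": parts[1],
             "export": parts[-1] == "export"}
    for key, alg, bits in FIELD.findall(line):
        suite[key] = alg
        suite[key + "_bits"] = int(bits) if bits else None
    return suite


def export_suites(listing):
    """Return suites that are export grade: marked 'export', named EXP-*,
    or with a key exchange explicitly limited to 512 bits or fewer."""
    flagged = []
    for line in listing.splitlines():
        suite = parse_line(line)
        if suite is None:
            continue
        kx_bits = suite.get("Kx_bits")
        if (suite["export"] or suite["name"].startswith("EXP-")
                or (kx_bits is not None and kx_bits <= 512)):
            flagged.append(suite)
    return flagged


if __name__ == "__main__":
    for s in export_suites(SAMPLE):
        print(f'{s["name"]}: Kx={s["Kx"]}({s["Kx_bits"]}) Enc={s["Enc"]}({s["Enc_bits"]})')
```
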

