On 18 feb. 2015, at 11:55, Daniele Ricci <[email protected]> wrote:
> Hello, > I just tested my server: > https://xmpp.net/result.php?id=123022 > > I can understand the cipher score, but why the key exchange is "C"? I > can't see anything bad in the certificates section. Unless it's > related to something else... > > Thanks > -- > Daniele Hi Daniele, You have a number of EXPORT ciphers enabled (EXP-EDH-RSA-DES-CBC-SHA, EXP- RC4-MD5 and EXP-DES-CBC-SHA). These exist to comply with laws that forbid exporting cryptographic software that uses asymmetric keys of more than 512 bits. They do this by creating a new, temporary 512 bit RSA key for the handshake. That's absolutely not large enough to be secure anymore, so it reduces the key exchange grade to C. I hope this helps, Thijs
signature.asc
Description: Message signed with OpenPGP using GPGMail
