Thanks, I'll do some tests with Tigase hardened mode tonight and re-run the check.
On Wed, Feb 18, 2015 at 1:00 PM, <[email protected]> wrote: > On 18 feb. 2015, at 11:55, Daniele Ricci <[email protected]> wrote: > >> Hello, >> I just tested my server: >> https://xmpp.net/result.php?id=123022 >> >> I can understand the cipher score, but why the key exchange is "C"? I >> can't see anything bad in the certificates section. Unless it's >> related to something else... >> >> Thanks >> -- >> Daniele > > Hi Daniele, > > You have a number of EXPORT ciphers enabled (EXP-EDH-RSA-DES-CBC-SHA, EXP- > RC4-MD5 and EXP-DES-CBC-SHA). These exist to comply with laws that forbid > exporting cryptographic software that uses asymmetric keys of more than 512 > bits. They do this by creating a new, temporary 512 bit RSA key for the > handshake. That's absolutely not large enough to be secure anymore, so it > reduces the key exchange grade to C. > > I hope this helps, > Thijs -- Daniele
