AnsweredAssumed Answered

Lower Key Exchange score with Forward Secrecy due to TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Question asked by Christoph von Wittich on Aug 15, 2013
Latest reply on Aug 16, 2013 by Ivan Ristić

My current cipher list offers FS for nearly all browsers with the downside of having TLS_DHE_RSA_WITH_AES_256_CBC_SHA for Firefox and Opera support. As this is using a 1024 Bit key exchange it lowers the key exchange score to 80.

 

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_RC4_128_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

SSL_RSA_WITH_RC4_128_SHA

 

 

Maybe it would make sense to add a bonus score for FS?

Outcomes