
Suggestions for SSLtest

Question asked by BoerenkoolMetWorst on Feb 3, 2014
Latest reply on Feb 10, 2014 by BoerenkoolMetWorst

Hello,

 

The new 2014 server rating is nice, but I think it still has some flaws. My bank, for example, scores an A-: it has TLS 1.2 enabled, but the only cipher suites enabled are RC4 and 3DES, and there is no Forward Secrecy. I propose that an A rating should require TLS 1.2 cipher suites and Forward Secrecy.

 

I also have some small suggestions:
If the certificate is 4096 bit, make it green.
If the signature algorithm is SHA2, make it green.
If DH key exchange is only 1024 bits, make it yellow and show "Weak".
If DH key exchange is 4096 bit or ECDH key exchange is 384 bit, make it green.
If cipher suites use MD5, make it yellow and show "Weak".
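
Added example, not part of the original post and not SSL Labs code: a small Python check that applies the rules proposed above to a server's offered cipher suites, so a configuration that has TLS 1.2 enabled but only offers RC4/3DES without Forward Secrecy is flagged. It assumes OpenSSL-style suite names, reads the proposed A rule as "at least one TLS 1.2 suite and at least one forward-secret suite", treats the DH/ECDH sizes as bounds, and uses a hypothetical "neutral" label for sizes the post does not mention.

```python
# Added example: suite names follow OpenSSL naming; sample lists are constructed.
FS_KX = {"ECDHE", "DHE", "EDH"}                 # ephemeral (forward-secret) key exchange
TLS12_ENDINGS = {"SHA256", "SHA384", "POLY1305"}  # endings of suites introduced with TLS 1.2


def describe(suite):
    """Classify one suite name. Covers common OpenSSL names only (assumption)."""
    parts = suite.upper().split("-")
    return {
        "name": suite,
        "forward_secrecy": parts[0] in FS_KX,
        "tls12_only": "GCM" in parts or parts[-1] in TLS12_ENDINGS,
        "rc4_or_3des": "RC4" in parts or "CBC3" in parts,
        "md5": parts[-1] == "MD5",
    }


def kx_colour(kind, bits):
    """Colour for a key exchange; the post's sizes are read as bounds (assumption)."""
    if kind == "DH" and bits <= 1024:
        return "yellow: Weak"
    if (kind == "DH" and bits >= 4096) or (kind == "ECDH" and bits >= 384):
        return "green"
    return "neutral"


def review(suites):
    """Apply the proposed A-grade rule to the list of suites a server offers."""
    info = [describe(s) for s in suites]
    tls12 = any(i["tls12_only"] for i in info)
    fs = any(i["forward_secrecy"] for i in info)
    return {
        "has_tls12_suite": tls12,
        "has_forward_secrecy": fs,
        "only_rc4_3des": all(i["rc4_or_3des"] for i in info),
        "md5_suites": [i["name"] for i in info if i["md5"]],
        "meets_proposed_a": tls12 and fs,
    }


# Constructed inputs: a legacy-only server like the one described, and a mixed one.
LEGACY_ONLY = ["RC4-SHA", "RC4-MD5", "DES-CBC3-SHA"]
MIXED = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA256", "AES128-SHA"]

if __name__ == "__main__":
    for label, suites in (("legacy-only", LEGACY_ONLY), ("mixed", MIXED)):
        print(label, review(suites))
    print("DH 1024:", kx_colour("DH", 1024), "| ECDH 384:", kx_colour("ECDH", 384))
```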
