AnsweredAssumed Answered

QID 38171 - SSL Cert - server public key too small

Question asked by mcalvi on Feb 21, 2014

According to the vuln KB:

     An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.       

        Best practices require that digital signatures be 2048 or more bits long to provide adequate security. Key lengths of 1024 are acceptable through 2013, but since 2011 they are considered deprecated.        

 

Should this be updated to now include 1024 bit keys as triggering the vuln?  Or if not, is there a QID for certs between 1024 and 2048?

Outcomes