AnsweredAssumed Answered

Key exchange rating in SSL_Server_Rating_Guide.pdf

Question asked by Jos Groot Lipman on Feb 16, 2015
Latest reply on Feb 16, 2015 by tlussnig

The SSL Server Rating Guide (version 8 December 2014) is a bit confusing to me.

In Table 4 (Key exchange rating guide) it says:

     Key or DH parameter strength < 4096 bits (e.g., 2048) 90%

     Key or DH parameter strength >= 4096 bits (e.g., 4096) 100%

I think the last line should read

     Key and DH parameter strength >= 4096 bits (e.g., 4096) 100%

Otherwise the case where the key is 2048 bits and the DH parameter uses a 4096 bits key is not covered.

 

My certificate is 'RSA 2048 bits'. This is more than safe enough for the time being but do I understand correctly that this will keep me from the 100% score even if I set the DHparams to use a 4096 bit key?

Outcomes