PFS key size in PFS summary #18
Comments
It's certainly a nice to have. There are other things more important for now. (BTW: It has nothing to do with the openssl version and if you follow the instructions @ https://github.com/drwetter/testssl.sh/tree/master/openssl-bins/openssl-1.0.2-chacha.pm/ you will have openssl 1.0.2++ ;-)
Well, it's just much easier to extract with 1.0.2 as it's in a field ready to be parsed without having to analyse a hex output :). And I find the info very useful as there is no point having a 4096-bit cert if Apache is exchanging keys with DH1024, but there is no rush.
The point is that one can't force users to use a specific OpenSSL version. Compatibility is more important to me. The biggest pain is Mac OS X. Latest version still has 0.98z (?). From the crypto perspective, personally I'd rather prefer DH w/ 1024 bits as encryption with EC algorithm. But that's more a gut instinct. Still I agree, an indicator would be a nice to have.
👍
This is what I'm getting with cipherscan when using OpenSSL 1.0.2
Even though that version of OpenSSL isn't out yet, I think it would be useful to get ready and offer that kind of information as soon as it's out.
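The field mentioned in the thread is the `Server Temp Key` line that `openssl s_client` prints from 1.0.2 on. The following is an added example, not code from testssl.sh or cipherscan: a shell function that parses that line from constructed sample output and reports it next to the certificate key size. The function name `pfs_summary` and the 2048/224-bit thresholds are assumptions.

```shell
#!/bin/sh
# Assumed minimums, not values from the thread; override via the environment.
MIN_DH_BITS=${MIN_DH_BITS:-2048}
MIN_EC_BITS=${MIN_EC_BITS:-224}

# Reads `openssl s_client` output on stdin and prints
#   "<type> <bits> <weak|ok> cert=<bits>"
# or "unknown 0 no-temp-key-field" when the client did not print the
# "Server Temp Key" line (OpenSSL older than 1.0.2).
pfs_summary() {
    awk -v min_dh="$MIN_DH_BITS" -v min_ec="$MIN_EC_BITS" '
        /^Server Temp Key:/ {
            sub(/^Server Temp Key: */, "")
            # Remaining text: "DH, 1024 bits" or "ECDH, P-256, 256 bits"
            n = split($0, f, /, */)
            type = f[1]
            bits = f[n]; sub(/ *bits.*$/, "", bits)
            found = 1
        }
        /^Server public key is/ { cert = $5 }
        END {
            if (!found) { print "unknown 0 no-temp-key-field"; exit }
            min = (type == "DH") ? min_dh : min_ec
            print type, bits, ((bits + 0 < min + 0) ? "weak" : "ok"), "cert=" (cert == "" ? "?" : cert)
        }'
}

# Constructed samples in the s_client output format (not captured from a real host).
SAMPLE_DH1024='Server Temp Key: DH, 1024 bits
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit'

SAMPLE_ECDH='Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit'

# Output of a pre-1.0.2 client: the temp key line is absent.
SAMPLE_OLD='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit'

for s in "$SAMPLE_DH1024" "$SAMPLE_ECDH" "$SAMPLE_OLD"; do
    printf '%s\n' "$s" | pfs_summary
done
```

Against a live server the input would come from `openssl s_client -connect host:443 </dev/null 2>/dev/null`, run with a 1.0.2 or later binary.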