-
Notifications
You must be signed in to change notification settings - Fork 239
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL Labs: How to improve Cipher Strength in TLS 1.3? #602
Comments
Dear Anna, I don't think this is the right platform for your request, since this is just the repo for the API reference implementation. But I'll wrap it up for you: If this answers your question feel free to close this issue :). |
This the forum for all such questions. You will get better responses there |
Dear bhushan5640: Thanks to both of you for your kind and helpful answers!
That's the most useful guide so far. However, it doesn't answer the question on how to push Key Exchange and Cipher Strength beyond the mark of 90%! :-)
That answer was to the point and very helpful! I did that as far as I could! https://www.ssllabs.com/ssltest/analyze.html?d=www.cloudinsidr.com&latest
@bhushan5640 The Let's Encrypt Certificate is RSA 2048! That's up to Let's Encrypt to change! Cipher Strength 100%: key size >= 256 bits - I'll gonna try that. Maybe it works... Thanks a lot! |
You’re confusing Key Exchange (KEX) and certificate signature. To have a KEX of >= 4096, you have to use either DHE with DH parameters of 4096 bits or above, or ECDHE and a curve that is at least 256 bits-equivalent (that is, not secp256 or 384 but 521, and not X25519 but X448). With elliptic curves this is hard to do, because such high bits elliptic curves are not widely supported. For cipher strength, that means you must disable cipher with |
Thanks ArchangeGabriel ! :-) |
You mentioned, "The Let's Encrypt Certificate is RSA 2048, however I can't really change that..." This is easy to change, just generate a 4096 bit cert. |
I got an A+ grading:
Certificate 100%
Protocol Support 100%
Key Exchange 90%
Cipher Strength 90%
Any tips on how to improve Key Exchange & Cipher Strength. Especially Cipher Strength in TLS 1.3 with AEAD isn't so well documented yet.
What do I need to do to get Key Exchange from 90% up to 100%?
What do I need to do to get Cipher Strength from 90% up to 100%?
Thank you for some insightful hints and tips! :-)
The text was updated successfully, but these errors were encountered: