On 13.11.2013 16:31, Fedor Brunner wrote:> This information is quite important because during DHE key exchange a > temporary key is generated. This temporary key is used for encryption of > the communication and the server public RSA key is used ONLY for signing > of this temporary key and NOT for encryption of the communication. The > problem is that in many cases the temporary key much shorter than the > server RSA key. > > For example the server jabber.ccc.de uses 2048 bit RSA public key, but > the length of the temporary key is only 1024 bit. The public key score > is 90, cipher score is 90 > http://xmpp.net/result.php?domain=jabber.ccc.de&type=server
I agree that this information is important, however, there are implementations which do not support more than 1024 bits of DH and are unable to negotiate an TLS connection if the 1024 are exceeded, without the app or the user knowing why it failed. This means, if you have 1024bit EDH and the client and server agree on negotiating EDH (likely if the client prefers it, as it should), they're unable to connect. This seems to affect primarily java and some versions of openssl, as I've learnt on this list. regards, jw
