AnsweredAssumed Answered

How to understand 90/100 on key exchange?

Question asked by Mirko Tebaldi on Jan 27, 2019
Latest reply on Jan 28, 2019 by Keith Shaw

I'm unable to understant why i get 90/100 on key exchange. 

There is no suggestion on result page and no orange lines (a part missing CAA dns record).


Actually my procotol and cyphers are read as is from your tool


TLS 1.3No
TLS 1.2Yes
TLS 1.1No
TLS 1.0No
For TLS 1.3 tests, we only support RFC 8446.



Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp521r1 (eq. 15360 bits RSA)   FS128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp521r1 (eq. 15360 bits RSA)   FS256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 4096 bits   FS128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 4096 bits   FS256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp521r1 (eq. 15360 bits RSA)   FS128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp521r1 (eq. 15360 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 4096 bits   FS128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 4096 bits   FS128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 4096 bits   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 4096 bits   FS256


Where could I lookup for the problem? I've nothing under 4096bit .


Thanks a lot for your vital tool and for reply, in advance.