
Why does IE 11 report ECDH key exchange of 255 bits?

Question asked by Simon Waters on Dec 12, 2019

One of our clients asked us to report the Internet Explorer connection details of various cloud services.


Slightly odd, as I hope no one is using IE any more. Certainly a product I've stayed well clear of for many years, so never had cause to ponder its workings.


However, I noted that the ECDH key exchange is often described as 255 bits when you use the page "properties" dialog in IE, whereas elsewhere (the SSL Labs checker, for example) the simulated key exchange is described as 256 bits.


e.g. "TLS 1.2, AES with 256 bit encryption (High); ECDH with 255 bit exchange"


I couldn't see this behaviour referenced anywhere (my Google-fu is weak, as is my knowledge of the innards of ECDH). I can quite believe it is an optimisation, and that halving the key space probably doesn't matter, but I'd expected someone to have commented on it before.


What gives? And is the SSL simulation assuming Microsoft are twice as good as they appear?