AnsweredAssumed Answered

Key Exchange strength

Question asked by Ken Schultz on Jan 14, 2020
Latest reply on Jan 16, 2020 by Rob Moss

I'm trying to understand the grading scheme for Key Exchange strength.

I'm currently getting a grade of 90%. My servers have both RSA/4096 and ECC/384 keys on them, using KxECDHE only.

 

The grading guide, SSL Server Rating Guide · ssllabs/research Wiki · GitHub , lists the grades for RSA key lengths, but not for ECC key lengths, so I'm forced to guess there as to what's considered strong by the testing algorithm.

 

I also see the verbiage about DH parameters. 

Are those parameters what is being shown after each cipher string, in small grey lettering? I'm getting "ECDH secp256r1" for every cipher in the Handshake Simulation. Is that the parameter that's being referred to?

 

F5 TMOS 14.1, if that's relevent.

 

Thanks

Outcomes