SSL connections insufficiently secured (HTTPS) #2552
Locked
pepijn-vanvlaanderen
started this conversation in
Idea
Replies: 1 comment 2 replies
-
Can someone from Vercel give some input? For context. The check of @pepijn-vanvlaanderen is done using a Vercel website as input on https://internet.nl/ |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I tested multiple of my Vercel websites and saw the below results for the TLS key exchange parameters. Can this be improved on your platform?
Verdict:
Your web server supports insufficiently secure parameters for Diffie-Hellman key exchange.
Technical details:
Test explanation:
We check if the public parameters used in Diffie-Hellman key exchange by your web server are secure.
ECDHE: The security of elliptic curve Diffie-Hellman (ECDHE) ephemeral key exchange depends on the used elliptic curve. We check if the bit-length of the used elliptic curves is a least 224 bits. Currently we are not able to check the elliptic curve name.
DHE: The security of Diffie-Hellman Ephemeral (DHE) key exchange depends on the lengths of the public and secret keys used within the chosen finite field group. We test if your DHE public key material uses one of the predefined finite field groups that are specified in RFC 7919. Self-generated groups are 'Insufficient'.
The larger key sizes required for the use of DHE come with a performance penalty. Carefully evaluate and use ECDHE instead of DHE if you can.
RSA as an alternative: Besides ECDHE and DHE, RSA can be used for key exchange. However, it is at risk of becoming insufficiently secure (current status 'phase out'). The RSA public parameters are tested in the subtest 'Public key of certificate'. Note that RSA is considered as 'good' for certificate verification.
See 'IT Security Guidelines for Transport Layer Security (TLS) v2.1' from NCSC-NL, guideline B5-1 and table 9 for ECDHE, and guideline B6-1 and table 10 for DHE (in English).
Elliptic curve for ECDHE
secp384r1
,secp256r1
,x448
, andx25519
secp224r1
Finite field group for DHE
Sufficient:
sha256 checksum:
64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3
sha256 checksum:
c410cc9c4fd85d2c109f7ebe5930ca5304a52927c0ebcb1a11c5cf6b2386bbab
Phase out:
sha256 checksum:
9ba6429597aeed2d8617a7705b56e96d044f64b07971659382e426675105654b
Insufficient: Other groups
Note: the above names are based on the IANA naming conventions. Sometimes alternative names are used to refer to the same curves, like
prime256v1
(ANSI) andNIST P-256
forsecp256r1
.Technical details:
Web server IP address Affected parameters Status
76.76.21.21 DH-2048 insufficient
Test explanation:
We check if the public parameters used in Diffie-Hellman key exchange by your web server are secure.
ECDHE: The security of elliptic curve Diffie-Hellman (ECDHE) ephemeral key exchange depends on the used elliptic curve. We check if the bit-length of the used elliptic curves is a least 224 bits. Currently we are not able to check the elliptic curve name.
DHE: The security of Diffie-Hellman Ephemeral (DHE) key exchange depends on the lengths of the public and secret keys used within the chosen finite field group. We test if your DHE public key material uses one of the predefined finite field groups that are specified in RFC 7919. Self-generated groups are 'Insufficient'.
The larger key sizes required for the use of DHE come with a performance penalty. Carefully evaluate and use ECDHE instead of DHE if you can.
RSA as an alternative: Besides ECDHE and DHE, RSA can be used for key exchange. However, it is at risk of becoming insufficiently secure (current status 'phase out'). The RSA public parameters are tested in the subtest 'Public key of certificate'. Note that RSA is considered as 'good' for certificate verification.
See 'IT Security Guidelines for Transport Layer Security (TLS) v2.1' from NCSC-NL, guideline B5-1 and table 9 for ECDHE, and guideline B6-1 and table 10 for DHE (in English).
Elliptic curve for ECDHE
Good: secp384r1, secp256r1, x448, and x25519
Phase out: secp224r1
Insufficient: Other curves
Finite field group for DHE
Sufficient:
ffdhe4096 (RFC 7919)
sha256 checksum: 64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3
ffdhe3072 (RFC 7919)
sha256 checksum: c410cc9c4fd85d2c109f7ebe5930ca5304a52927c0ebcb1a11c5cf6b2386bbab
Note that we also test for ffdhe8192 and ffdhe6144. However their limited gain in security rarely outweighs the loss in performance.
Phase out:
ffdhe2048 (RFC 7919)
sha256 checksum: 9ba6429597aeed2d8617a7705b56e96d044f64b07971659382e426675105654b
Insufficient: Other groups
Note: the above names are based on the IANA naming conventions. Sometimes alternative names are used to refer to the same curves, like prime256v1 (ANSI) and NIST P-256 for secp256r1.
Beta Was this translation helpful? Give feedback.
All reactions