Richard G
Verified User
Due to somebody I wanted to help, my eye caught on something weird about ciphers.
Older server:
So everything strong and good.
But on newly installed VPS with Debian 11 and also newly installed Alma 8.x server
So now it's not "strong" anymore but A, and we got the key exchange notice about a lower strength than certificate key?
Probably caused by that chacha20 key?
It's default DA install. Shouldn't this be at least same strength?
Older server:
Code:
PORT    STATE SERVICE
465/tcp open  smtps
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL
|_  least strength: strong
But on newly installed VPS with Debian 11 and also newly installed Alma 8.x server
Code:
PORT    STATE SERVICE
465/tcp open  smtps
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Key exchange (ecdh_x25519) of lower strength than certificate key
|_  least strength: A
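Added example, not part of the original post: a small Python parser that compares the two ssl-enum-ciphers outputs above suite by suite, so changes in suites, key-exchange parameters and warnings can be read independently of the rating label printed by the scanner. The function names parse_scan and diff_scans are hypothetical, and the embedded scan text is excerpted from the post.

```python
import re
# Excerpts of the two ssl-enum-ciphers outputs quoted in the post above.
OLD = """| ciphers:
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|_ least strength: strong"""
NEW = """| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
| warnings:
| Key exchange (ecdh_x25519) of lower strength than certificate key
|_ least strength: A"""
SUITE = re.compile(r"(TLS_\w+)(?: \(([^)]+)\))? - (\S+)$")

def parse_scan(text):
    """Return suites {name: (kex_param, rating)}, warnings and least strength."""
    scan = {"suites": {}, "warnings": [], "least": None}
    section = None
    for line in text.splitlines():
        body = re.sub(r"^\|_?\s*", "", line).strip()  # drop nmap's "| " / "|_" gutter
        m = SUITE.match(body)
        if m:
            scan["suites"][m.group(1)] = (m.group(2), m.group(3))
        elif body.startswith("least strength:"):
            scan["least"] = body.split(":", 1)[1].strip()
        elif body.endswith(":"):
            section = body[:-1]  # e.g. "ciphers", "compressors", "warnings"
        elif section == "warnings" and body:
            scan["warnings"].append(body)
    return scan

def diff_scans(old, new):
    # Compare by suite name, not by rating label, which differs between the scans.
    o, n = old["suites"], new["suites"]
    return {
        "added": sorted(set(n) - set(o)),
        "removed": sorted(set(o) - set(n)),
        "kex": sorted({k for k, _ in n.values() if k}),
        "labels": ({r for _, r in o.values()}, {r for _, r in n.values()}),
        "new_warnings": [w for w in new["warnings"] if w not in old["warnings"]],
    }

if __name__ == "__main__":
    print(diff_scans(parse_scan(OLD), parse_scan(NEW)))
```

The parser also accepts the full, indented script output, since it strips the gutter and ignores sections other than ciphers and warnings.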