SSL key length of 256 is too weak


hal


First of all, I've been a HawkHost customer for a number of years and have always been delighted with the service. I would unreservedly recommend it to others. That said, the issue I'm raising here is fundamental to the usefulness of the service. I believe it's vitally important, and affects everyone, so I hope you will take it in the constructive tone that it is intended.

 

Would it please be possible for you to increase the SSL key length of your shared servers? It has been generally accepted for a number of years that a length of 1024 does not provide adequate security, and recent revelations about the NSA have confirmed this. Thus, a key length of 2048 is now recommended.

 

Currently, I believe HawkHost is using keys of only 256 bits, which is extremely weak. This gives a very false sense of security to HawkHost's customers and, consequently, their website visitors. It also risks email accounts, passwords and other potentially-confidential data falling into criminal or nefarious hands.

Please see this article for reference.

 

Thank you in advance for considering this request.

 

Hal


We should be using 2048-bit keys and by default using strong ciphers (IE: AES-256). If you want to PM me the key you're referring to I'll be more than glad to double check. Ideally we'd like to have forward secrecy but I don't believe cPanel supports that quite yet - I'll have to take a look.

 

It may be worth noting most certificate authorities require a minimum key length of 1024 bits - including the one we resell through (Global Sign) and use internally: https://www.globalsign.com/blog/1024-bit-certificate-deadline-are-you-ready.html
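
Added example, not part of either post above: the thread mentions two different sizes, the certificate's RSA key length (1024 or 2048 bits) and the symmetric cipher key (256 bits for AES-256), and this script reads each one from OpenSSL output. The function names, the throwaway `example.test` certificates and the suite `ECDHE-RSA-AES256-GCM-SHA384` are assumptions constructed for the illustration; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (not from the thread). Sample certificates are constructed
# locally with throwaway keys; nothing here touches the network.

# make_cert BITS OUTFILE: self-signed RSA certificate with a BITS-bit key.
make_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$2.key" \
        -subj "/CN=example.test" -days 1 -out "$2" 2>/dev/null
}

# cert_key_bits CERT: size in bits of the certificate's public key.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# cipher_bits NAME: symmetric key size of a TLS cipher suite, read from the
# Enc= column of `openssl ciphers -v` (for example Enc=AESGCM(256)).
# The awk filter drops the TLS 1.3 suites newer OpenSSL versions also list.
cipher_bits() {
    openssl ciphers -v "$1" | awk -v n="$1" '$1 == n' |
        sed -n 's/.*Enc=[^(]*(\([0-9][0-9]*\)).*/\1/p'
}

# rsa_verdict BITS: thresholds as stated in the thread (RSA keys only):
# 2048 is the recommended length, anything shorter is treated as weak.
rsa_verdict() {
    if [ "$1" -ge 2048 ]; then echo ok; else echo weak; fi
}

demo() {
    suite=ECDHE-RSA-AES256-GCM-SHA384
    dir=$(mktemp -d) || return 1
    for bits in 1024 2048; do
        make_cert "$bits" "$dir/$bits.pem" || return 1
        size=$(cert_key_bits "$dir/$bits.pem")
        echo "certificate key: $size-bit RSA -> $(rsa_verdict "$size")"
    done
    echo "cipher $suite: $(cipher_bits "$suite")-bit symmetric key"
    rm -rf "$dir"
}

demo
```

To check a real certificate, save it as PEM and pass the file to `cert_key_bits`.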

