Sign in to follow this  
hal

SSL key length of 256 is too weak

Recommended Posts

First of all, I've been a HawkHost customer for a number of years and have always been delighted with the service. I would unreservedly recommend it to others. That said, the issue I'm raising here is fundamental in the usefulness of the service. I believe it's vitally important, and affects everyone, so I hope you will take it in the constructive tone that it is intended.

 

Would it please be possible for you to increase the SSL key length of your shared servers? It has been generally accepted for a number of years that a length of 1024 does not provide adequate security, and recent revelations about the NSA have confirmed this. Thus, a key length of 2048 is now recommended.

 

Currently, I believe HawkHost is using keys of only 256 bits, which is extremely weak. This gives a very false sense of security to HawkHost's customers and, consequently, their website visitors. It also risks email accounts, passwords and other potentially-confidental data falling into criminal or nefarious hands.

Please see this article for reference.

 

Thank you in advance for considering this request.

 

Hal

Share this post


Link to post
Share on other sites

We should be using 2048 bit keys and by default using strong ciphers (IE: AES-256). If you want to PM me the key you're referring to I'll be more than glad to double check. Ideally we'd like to have forward secrecy but I don't believe cPanel supports that quite yet - I'll have to take a look.

 

It may be worth noting most certificate authorities require a minimum key length of 1024 bits - including the one we resell through (Global Sign) and use internally: https://www.globalsign.com/blog/1024-bit-certificate-deadline-are-you-ready.html

Share this post


Link to post
Share on other sites

Hi hawkhost. can you check my site(depot4u.com) what wrong with it? Thank you!

Your web site is loading from here. I would advise opening a support ticket and please explain what the issue is so our team can properly investigate.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this