

CO-piBOT: return = 40 : LOW CIPHER - The encryption algorithm uses a dangerously low key size

Although you are using 2048-bit RSA asymmetric encryption, it is only used to protect the initial connection until the client and server can agree on a symmetric encryption algorithm usable by both sides and exchange keys.

This behavior is desirable, as asymmetric cryptography consumes far more resources than symmetric encryption.
If your server encrypts with keys that are far too small, then it becomes easy to break or bypass the encryption.
The recommended RSA key length is 2048 bits.

This error also appears if your server allows obsolete ciphers. You can find the recommended cipher suites on page 26 of the ANSSI Guide to Security Recommendations for TLSv1.2.
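The two conditions described above (an RSA key under 2048 bits, or obsolete cipher suites still enabled) can be checked against a scan report or an `openssl ciphers` listing before touching the server. The following is an added example, not CO-piBOT's own logic or the ANSSI list: the token table, function names and sample suites are assumptions made for illustration.

```python
import re

MIN_RSA_BITS = 2048  # key length recommended on this page

# Assumption: this token list is the example's own choice of what counts as
# obsolete. It is deliberately narrow and is not the scanner's rule set.
OBSOLETE_TOKENS = {
    "NULL": "no encryption",
    "EXP": "export-grade key",
    "EXPORT": "export-grade key",
    "RC4": "RC4 stream cipher",
    "RC2": "RC2 cipher",
    "DES": "DES/3DES 64-bit block cipher",
    "3DES": "DES/3DES 64-bit block cipher",
    "MD5": "MD5 MAC",
    "ADH": "anonymous key exchange",
    "AECDH": "anonymous key exchange",
    "ANON": "anonymous key exchange",
}


def weak_reasons(suite):
    """Return the sorted reasons a suite name (OpenSSL or IANA style) is obsolete."""
    tokens = re.split(r"[-_]", suite.upper())
    return sorted({OBSOLETE_TOKENS[t] for t in tokens if t in OBSOLETE_TOKENS})


def audit(rsa_bits, suites):
    """Return (kind, subject, reason) findings for one server's key and suites."""
    findings = []
    if rsa_bits < MIN_RSA_BITS:
        findings.append(("key", f"RSA {rsa_bits} bits", f"below {MIN_RSA_BITS} bits"))
    for suite in suites:
        reasons = weak_reasons(suite)
        if reasons:
            findings.append(("cipher", suite, ", ".join(reasons)))
    return findings


# Constructed sample input: suites a server might report as enabled.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "DES-CBC3-SHA",
    "RC4-MD5",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]

if __name__ == "__main__":
    for kind, subject, reason in audit(1024, SAMPLE_SUITES):
        print(f"[{kind}] {subject}: {reason}")
```

Any suite it reports is a candidate for disabling; the remaining suites should still be compared against the ANSSI recommendations.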

Problem resolution

This change can be tedious on a Windows server (it requires editing the registry). A free utility (published by Nartac Software) exists to simplify this task: IIS Crypto.
Remember to back up your system before making any changes.

You can also consult the section dedicated to ciphers on the FAQ page about installing your certificate.