Weak keys

  • "RSA key strength - Use an SSL certificate has an RSA key size of 2048 bits or larger."
  • "ECC key strength - Use an SSL certificate has an ECC key size of 233 bits or larger."

Problem

Continued use of weak keys in certificates puts your clients' sensitive data at risk. Exhaustive key searches/brute force attacks against certificates with weak keys are a danger to network security.

As computational power increases so does the need for stronger keys. The current acceptable key strength for an RSA (Rivest-Shamir-Adleman) key is 2048 bits. DigiCert only issues certificates with an RSA key of 2048 bits or higher. The current acceptable key strength for an ECC (Elliptical Curve Cryptology) key is 233 bits.

Solution

Reissue or renew your certificates using either an RSA key of 2048 bits (or higher) or an EEC key of 233 bits (or higher).