faq

What does insecure, weak, secure and recommended mean?

insecure

These ciphers are very old and shouldn't be used under any circumstances. Their protection can be broken with minimal effort nowadays.

weak

These ciphers are old and should be disabled if you are setting up a new server for example. Make sure to only enable them if you have a special use case where support for older operating systems, browsers or applications is required.

secure

Secure ciphers are considered state-of-the-art and if you want to secure your web server you should certainly choose from this set. Only very old operating systems, browsers or applications are unable to handle them.

recommended

All 'recommended' ciphers are 'secure' ciphers by definition. Recommended means that these ciphers also support PFS (Perfect Forward Secrecy) and should be your first choice if you want the highest level of security. However, you might run into some compatibility issues with older clients that do not support PFS ciphers.

Where does the data come from?

The list of ciphers comes from the IANA, the OpenSSL and GnuTLS library. We update them regularly to ensure our service has the most complete list and newest informations at any time.

Who determines the rating?

Most of the ratings are taken from official notes of the IETF or whitepapers by security researchers.