FAQ

What do insecure, weak, secure and recommended mean?

insecure

These ciphers are very old and shouldn't be used under any circumstances. Their protection can be broken with minimal effort nowadays.

weak

These ciphers are old and should be disabled, for example when you are setting up a new server. Only enable them if you have a special use case where support for older operating systems, browsers or applications is required.

secure

Secure ciphers are considered state-of-the-art and if you want to secure your web server you should certainly choose from this set. Only very old operating systems, browsers or applications are unable to handle them.

recommended

All 'recommended' ciphers are 'secure' ciphers by definition. Recommended means that these ciphers also support PFS (Perfect Forward Secrecy) and should be your first choice if you want the highest level of security. However, you might run into some compatibility issues with older clients that do not support PFS ciphers.
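The PFS part of the 'recommended' definition can be checked from the IANA suite name for TLS 1.2 and earlier, because the name carries the key exchange in front of `_WITH_`. The following is an added example, not code from ciphersuite.info; the function names and the sample list are hypothetical, and it checks only the PFS property, not the full rating.

```python
# Added example: sort IANA cipher suite names by whether the name shows an
# ephemeral key exchange, the property behind PFS.

EPHEMERAL_KX = {"DHE", "ECDHE"}  # ephemeral (EC)DH gives forward secrecy

def classify(iana_name):
    """Return 'pfs', 'no-pfs', 'anonymous' or 'not-in-name' for one suite."""
    if "_WITH_" not in iana_name:
        # TLS 1.3 suites and SCSV signalling values carry no key-exchange
        # token, so the name alone cannot answer the question.
        return "not-in-name"
    kx_part = iana_name.split("_WITH_", 1)[0].split("_")[1:]  # drop "TLS"
    if "anon" in kx_part:
        # Anonymous suites have no server authentication; report separately.
        return "anonymous"
    if kx_part and kx_part[0] in EPHEMERAL_KX:
        return "pfs"
    return "no-pfs"  # static RSA, static (EC)DH, plain PSK, SRP, ...

def audit(suites):
    """Group a configured suite list by classification, keeping its order."""
    report = {"pfs": [], "no-pfs": [], "anonymous": [], "not-in-name": []}
    for name in suites:
        report[classify(name.strip())].append(name.strip())
    return report

# Constructed sample list, not taken from any real server.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for label, names in audit(SAMPLE).items():
        print(f"{label}: {len(names)}")
        for n in names:
            print("   ", n)
```

Suites reported as 'no-pfs' are the ones to review first when older clients are the only reason they are still enabled.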

Where does the data come from?

The list of ciphers comes from the IANA and from the OpenSSL and GnuTLS libraries. We update it regularly to ensure our service has the most complete list and the newest information at all times.

Who determines the rating?

Most of the ratings are taken from official notes of the IETF or whitepapers by security researchers.

Is there an API?

Yes, there is. A description can be found at api.ciphersuite.info. If you want to use the API, there is a guide in our blog. We would be happy to hear what you use the API for.