Is this HTTPS cert good/modern?

wh33t · 01-14-2016, 06:51 PM

I'm using tutanota.com as my secure email provider and I'm curious how good their encryption is. Here is what FF reports as their cert:

Code:

TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256, 128 bit keys, TLS 1.2

Is that modern and "good" (for lack of a better word)

Habitual · 01-15-2016, 09:49 AM

This is a year old and may still be relevant?
http://security.stackexchange.com/qu...-aes-128-gcm-s

sundialsvcs · 01-20-2016, 08:23 PM

It is my impression that the answer to your question is, "yes."

Steven_G · 01-21-2016, 08:31 PM

Absolutely.

It is not bleeding edge sec. But it is *very* strong encryption and they are following industry / sec best practices.

This does not mean it is uncrackable by the likes of the NSA w/ *workarounds* to circumvent the encryption. But the encryption itself is currently directly uncrackable even by them

But, unless you've got another mitigating factor like an infected router / machine, etc, then crims should not be MtMing your mail.

Here is the servers Qualys report. (You can check any published sever on the interwebs here.)