I recently started using GSA CE, a great tool! Now it seems GSA is reporting a false positive for:
The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048).
ID: 1.3.6.1.4.1.25623.1.0.106223
Result: Server Temporary Key Size: 1024 bits
Port: TCP 143/995/110/993
I’m running up-to-date Ubuntu 18.04 LTS with Dovecot 2.3.11.3 and Postfix 3.3.0.
When I do:
openssl s_client -showcerts -cipher "EDH" -connect my.server.nu:993 -servername my.server.nu:993
It reports:
…
Server Temp Key: X25519, 253 bits
…
Which is equivalent to 3072-bit RSA according to others on the internet.
Is GSA OK and is my mail server misconfigured, or is it a false positive?