What bit size for Website TLS Certificate?

For a website to offer HTTPS it uses a TLS certificate (previously called an SSL certificate). This certificate allows an HTTPS website to share its public key so anyone can send encrypted data to the website. This ensures the data sent is protected and can't be read or modified by someone on the internet, while still allowing the website to decrypt the data, read it and respond. So it is great at protecting the data sent, using (asymmetric) encryption.

This asymmetric encryption is based on mathematical methods where one way (encrypt) is a lot faster than the other way (decrypt) without the shortcut. This means that if we make the number large enough, decrypting it without the shortcut is beyond the computing power of current systems. An example of this is multiplication vs factorisation. Multiplying 2 very large numbers is simple, but factorising one very large number into 2 large numbers (prime numbers) is extremely hard in comparison. So hopefully you can see that the key measure of security is the size of the number. The larger the number, the harder it is to factorise.

This is where key size comes in: the key size is the size of the number. So the larger the key size, the larger the number and the harder it is to factorise.

Combine this with attacks where people capture internet traffic (which might be HTTPS) and store the data for 5 to 10 years, in the hope that in 5 to 10 years computers will have improved enough to factorise the large number, decrypt the internet traffic and read it, including usernames and passwords.

The key size for the certificate must therefore be large enough to protect not only against attacks using current supercomputers, but also against future supercomputers in 10 years' time.

We recommend increasing the key size (where possible) to something that is expected to be secure for more than 10 years, which by our maths is 3072-bit RSA or 256-bit ECDSA, or larger.

If the platform or provider doesn't support the larger keys, we would suggest creating a support request to see if they can change it and, in the meantime, uploading a custom certificate.
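To see where an existing certificate stands against the recommendation above, the following added example (not Vertex's own tooling) grades the key reported by `openssl x509 -noout -text` against the 3072-bit RSA and 256-bit ECDSA thresholds. The function name `check_key_size` and the sample certificate text are constructed for illustration; other key types are reported as UNKNOWN because the article gives thresholds only for RSA and ECDSA.

```shell
#!/bin/sh
# Added example: grade a certificate key against the article's recommendation
# (RSA >= 3072 bit, ECDSA >= 256 bit). Thresholds come from the article;
# the function name and the sample text below are constructed for illustration.
#
# Real use (needs network access and the openssl CLI):
#   openssl s_client -connect example.com:443 -servername example.com \
#       </dev/null 2>/dev/null | openssl x509 -noout -text | check_key_size

check_key_size() {
    # stdin:  output of `openssl x509 -noout -text`
    # stdout: "<OK|WEAK|UNKNOWN> <algorithm> <bits>"
    # exit:   0 = OK, 1 = WEAK, 2 = UNKNOWN
    awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ {
            bits = $0
            sub(/.*\(/, "", bits)      # drop everything up to "("
            sub(/ bit.*/, "", bits)    # drop " bit)" and anything after
        }
        END {
            if (alg == "rsaEncryption")       { name = "RSA";   min = 3072 }
            else if (alg == "id-ecPublicKey") { name = "ECDSA"; min = 256 }
            else { print "UNKNOWN", (alg == "" ? "none" : alg); exit 2 }
            if (bits == "") { print "UNKNOWN", name; exit 2 }
            verdict = (bits + 0 >= min) ? "OK" : "WEAK"
            print verdict, name, bits
            exit (verdict == "OK" ? 0 : 1)
        }'
}

# Constructed excerpts in the layout openssl prints (not real certificates).
SAMPLE_RSA_2048='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'
SAMPLE_RSA_3072='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)'
SAMPLE_EC_256='        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)'

for sample in "$SAMPLE_RSA_2048" "$SAMPLE_RSA_3072" "$SAMPLE_EC_256"; do
    printf '%s\n' "$sample" | check_key_size || :   # WEAK returns non-zero
done
```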

This is one of hundreds of things we check as part of our penetration testing, so if you aren't sure or want to check your website for vulnerabilities, feel free to contact us.

CATEGORIES

Cyber Security - Governance - Penetration Testing

TAGS

128bit - 2056bit - ECDSA - RSA - SSL Certificate - tls - tls certificate

Cyber Security by Vertex, Sydney Australia


(c) 2025 Vertex Technologies Pty Ltd.
