Domains: Whonix, Kicksecure
Nginx configuration: ssl_ecdh_curve X448;
As per SSL Labs Key exchange table they only consider 4096 bits (Equivalent RSA/DH Key Size) and above to be secure (100% score reading) which mean only secp384r1 and secp521r1 must be used.
What's your insights about this subject?
ThX!
Supporting x448 is fine, but the vast majority of the world is using X25519. There’s no security reason not to use X25519 for key exchange except for post-quantum threats, which x448 isn’t going to help too much.
If you’re interested in high security, you should ensure you have post-quantum key exchange support, like X25519+ML-KEM-768