UPDATE: Certificates are expired and many browsers have upped their DH requirements after the Logjam vuln. I may restore this test at some point if there is demand.

Some checks for browser capabilities regarding Diffie-Hellman key exchange. In the table below, images are included from various subdomains that use different Diffie-Hellman parameters. If you see an image, the connection succeeded; if you see an X or some other error symbol from your browser, the connection failed.

The tests require Server Name Indication (SNI); all current browsers support it, but some older ones don't. For the DSA tests you need to import the root cert from CAcert.org.

Results so far:

Some more background is in my blog, and I wrote a German article for Golem.de.

DH params | RSA/4096 | DSA/2048 | DSA/1024
8 Bit
16 Bit
32 Bit
64 Bit
128 Bit
256 Bit
512 Bit
768 Bit
1024 Bit
2048 Bit
4096 Bit
8192 Bit
8 Bit, "prime" 15
1024 Bit, no prime

Symbol meaning

Very short prime (if your browser doesn't accept: good)
Short prime
Good prime (if your browser doesn't accept: bad)
Parameters with errors (like no prime)

This test was created by Hanno Böck.