e=3 is evil

RSA with an exponent of 3 (e=3) is a bad choice. If you want some background info read the FAQ. Check your keys.

Checks have been disabled, but you can use badkeys.info, it will check RSA public key exponents, too.

Background info

RSA keys with very small exponents like e=3 are a risky choice. Recommendations and best practises to avoid very small exponents have been there for years. In 2014 six certificate authority included in mainstream browsers use e=3.

If everyone had migrated to safer values like e=65537 the recent BERserk vulnerability in Firefox and Chrome would have been a pretty boring bug. It's only a serious vulnerability with e=3.

This site is run by Hanno Böck.