e=3 is evil

RSA with an exponent of 3 (e=3) is a bad choice. If you want some background info read the FAQ. Check your keys.

Check your website's certificate (input domain name):

Check your e value (decimal integer):


Background info

RSA keys with very small exponents like e=3 are a risky choice. Recommendations and best practises to avoid very small exponents have been there for years. In 2014 six certificate authority included in mainstream browsers use e=3.

If everyone had migrated to safer values like e=65537 the recent BERserk vulnerability in Firefox and Chrome would have been a pretty boring bug. It's only a serious vulnerability with e=3.

This site is run by Hanno Böck.