The cryptographic procedures and key lengths to be used are specified in parts two and four of Technical Guideline BSI TR-03116. These crypto requirements are reviewed as part of conformity tests performed on eID clients and eID servers. The requirements pertain to the production system. When changes are to be made to cryptographic procedures and key lengths, they are first carried out in the test system.

To aid service providers in performing TLS configurations in line with part four of the Technical Guideline cited above, the BSI offers the following checklist:

TLS-Checkliste für Diensteanbieter

The freely available testing tool SSL Labs and similar tools from other providers can also be helpful in completing such configurations. TLS Checklist Inspector also provides a clear and simple means of reviewing compliance with the requirements of the Technical Guideline.