Stupid question about SSL
I recently installed a cert into my web server for SSL; however, when I went to the site to confirm, I noticed it was encrypted using 128-bit encryption. How do I get that changed to use 256-bit encryption?
The site is now trusted and verified which is great but I need it to use 256-bit encryption. Amateur Hour |
The level of encryption is defined by the cipher suites the SSL layer uses. The server tells the client a list of ciphers it will use, and the client chooses one, as long as it can use one. If you remove any 128-bit cipher then the client will have to use a stronger one (although generally speaking the client *should* use the strongest possible).
https://httpd.apache.org/docs/2.0/ss...tml#onlystrong
And note that while that link should be all you need, the cipher list they have does include 128-bit ciphers on most systems:
Code:
# openssl ciphers 'HIGH:!aNULL:!MD5'
|
Gotcha, thanks for your reply. Since I'm having issues with a web service integration I thought I would throw this out there in case you have any ideas. Client is assuming there is something wrong with our SSL cert. The cert is verified and trusted through Symantec verisigned.
faultDetail:
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultString: java.io.IOException: Unable to decrypt message
faultActor: null
[7/10/13 21:17:29:441 IST] 00000026 JAXRPCHandler E com.ibm.ws.webservices.engine.handlers.jaxrpc.JAXRPCHandler$3 onFault WSWS3418E: Error: Exception generated during handler fault processing.
[7/10/13 21:17:29:300 IST] 00000026 SystemErr R javax.net.ssl.SSLException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[7/10/13 21:17:29:316 IST] 00000026 SystemErr R at
|
Most likely, ummm, there is something wrong with your SSL-certificate configuration. During the initial "handshake" exchange in which the two sides establish the per-session cipher key, your certificate is being rejected ... and not because of signing or trust. It's going to turn out to be a configuration error. :banghead:
Very carefully and very patiently repeat all of the setup instructions, carrying them out exactly as shown. |
SSL Handshake.
SSL handshake is a two-way street. You might want to use 256 cyphers, but can your client handle them? Typically if you're forcing certain cyphers and the client can handle them they will get connection issues with your SSL session. Certain systems on their end might be dated and not have 256 support. If you have your certificate along with your private key and are able to establish a connection using ping or some SSL checker and can see the certificate with that connection, yet they cannot... means they have an issue with the configuration.
|
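Added example, not part of the original thread: a Python audit of the `HIGH:!aNULL:!MD5` cipher string quoted above, showing which suites fall under 256 bits, building a 256-bit-only string from it, and checking whether a client still shares a suite with the server (no shared suite is one cause of `handshake_failure`). It uses Python's `ssl` module, which accepts the same OpenSSL cipher strings; the function names and the `LEGACY_CLIENT` offer are constructed for illustration, and TLS 1.3 suites are skipped because `set_ciphers()` does not control them.

```python
import ssl

def tls12_suites(cipher_string):
    """Return {name: strength_bits} for the TLS 1.2-and-earlier suites that an
    OpenSSL cipher string enables. TLS 1.3 suites are configured separately
    from this string, so they are left out of the audit."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}

def only_256(cipher_string):
    """Build an explicit cipher string that keeps only the >=256-bit suites."""
    strong = [n for n, bits in tls12_suites(cipher_string).items() if bits >= 256]
    return ":".join(strong)

def shared(server_string, client_offer):
    """Suites enabled on the server that the client also offers.
    An empty result means the two sides have nothing to negotiate."""
    enabled = tls12_suites(server_string)
    return [n for n in client_offer if n in enabled]

DOC_STRING = "HIGH:!aNULL:!MD5"  # cipher string quoted in the thread
# Constructed sample: a client that can only offer 128-bit AES suites.
LEGACY_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]

if __name__ == "__main__":
    before = tls12_suites(DOC_STRING)
    weak = sorted(n for n, b in before.items() if b < 256)
    print(f"{len(weak)} of {len(before)} suites are under 256 bits, e.g. {weak[:3]}")

    strict = only_256(DOC_STRING)
    print("256-bit-only string:", strict)

    # With the original string the legacy client still finds a suite;
    # with the strict string it does not, and its handshake would fail.
    print("legacy client vs HIGH:  ", shared(DOC_STRING, LEGACY_CLIENT))
    print("legacy client vs strict:", shared(strict, LEGACY_CLIENT))
```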