Old 07-12-2013, 09:25 AM   #1
LQ Newbie
Registered: Jul 2013
Posts: 3

Rep: Reputation: Disabled
Stupid question about SSL

I recently installed a cert into my web server for SSL; however, when I went to the site to confirm, I noticed it was encrypted using 128-bit encryption. How do I get that changed to use 256-bit encryption?

The site is now trusted and verified which is great but I need it to use 256-bit encryption.

Amateur Hour
Old 07-12-2013, 09:57 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
The level of encryption is defined by the cipher suites the SSL layer uses. The server tells the client a list of ciphers it will use, and the client chooses one, as long as it can use one. If you remove any 128 bit cipher then the client will have to use a stronger one (although generally speaking the client *should* use the strongest possible).

And note that while that link should be all you need, the cipher list they have does include 128 bit ciphers on most systems:

# openssl ciphers 'HIGH:!aNULL:!MD5'
But they go on to block them too.... you can tailor that list to match your exact requirements easily enough.

Last edited by acid_kewpie; 07-12-2013 at 10:00 AM.
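
The observation in the reply above, that `HIGH:!aNULL:!MD5` still admits suites below 256-bit, can be checked by parsing the `Enc=` column of `openssl ciphers -v`. This is an added example, not part of any poster's message; the sample listing is constructed, and `below_bits` and `tightened` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): find suites below 256-bit in an
# `openssl ciphers -v` listing and build a cipher string that drops them.

# Constructed sample in the column layout `openssl ciphers -v` prints;
# it is illustrative, not captured from a real host.
sample_listing() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
EOF
}

# below_bits MIN: read a -v listing on stdin, print "bits name" for each
# suite whose Enc= key size is under MIN (default 256). An Enc= field with
# no "(bits)" part, such as Enc=None, counts as 0 bits.
below_bits() {
    awk -v min="${1:-256}" '
    {
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Enc=/) continue
            bits = 0
            if ($i ~ /\(/) {
                bits = $i
                sub(/^.*\(/, "", bits)
                sub(/\).*$/, "", bits)
            }
            if (bits + 0 < min + 0) print bits, $1
        }
    }'
}

# tightened BASE: append ":!NAME" to BASE for every sub-256-bit suite in
# the listing on stdin, so the result only leaves 256-bit suites enabled.
tightened() {
    printf '%s%s\n' "$1" "$(below_bits 256 | awk '{ printf ":!%s", $2 }')"
}

# Live use: openssl ciphers -v 'HIGH:!aNULL:!MD5' | below_bits 256
sample_listing | tightened 'HIGH:!aNULL:!MD5'
```

A server configured with the tightened string refuses the handshake for any client that offers only the excluded suites, so check the peer's supported suites before deploying it.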
Old 07-12-2013, 12:06 PM   #3
LQ Newbie
Registered: Jul 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Gotcha, thanks for your reply. Since I'm having issues with a web service integration I thought I would throw this out there in case you have any ideas. Client is assuming there is something wrong with our SSL cert. The cert is verified and trusted through Symantec verisigned.

faultCode: {}Server.generalException
faultString: Unable to decrypt message
faultActor: null

[7/10/13 21:17:29:441 IST] 00000026 JAXRPCHandler E$3 onFault WSWS3418E: Error: Exception generated during handler fault processing.
[7/10/13 21:17:29:300 IST] 00000026 SystemErr R Received fatal alert: handshake_failure
[7/10/13 21:17:29:316 IST] 00000026 SystemErr R at
Old 07-15-2013, 12:42 AM   #4
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

Rep: Reputation: 3030
Most likely, ummm, there is something wrong with your SSL-certificate configuration. During the initial "handshake" exchange in which the two sides establish the per-session cipher key, your certificate is being rejected ... and not because of signing or trust. It's going to turn out to be a configuration error.

Very carefully and very patiently repeat all of the setup instructions, carrying them out exactly as shown.
Old 07-16-2013, 06:21 PM   #5
LQ Newbie
Registered: Jul 2013
Posts: 1

Rep: Reputation: Disabled
SSL Handshake.

SSL handshake is a two way street. You might want to use 256 cyphers, but can your client handle them? Typically if you're forcing certain cyphers and the client can handle them they will get connection issues with your SSL session. Certain systems on their end might be dated and not have 256 support. If you have your certificate along with your private key and are able to establish a connection using ping or some SSL checker and can see the certificate with that connection, yet they cannot... means they have an issue with the configuration.

