Comments on: 256-bit AES Encryption for SSL and TLS: Maximal Security http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html News, solutions and insider insight from LuxSci: provider of Secure Email and Web Security Thu, 06 Oct 2011 17:44:26 +0000 hourly 1 http://wordpress.org/?v=402 By: How to surf safe in today’s digital world? « Ovidiu Bernaschi's Blog http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-1301 How to surf safe in today’s digital world? « Ovidiu Bernaschi's Blog Mon, 11 Jul 2011 15:45:58 +0000 http://luxsci.com/blog/?p=623#comment-1301 [...] first I really think you should read this article if you’ve got a basic understanding of Internet encryption. Towards the end of the page, [...] [...] first I really think you should read this article if you’ve got a basic understanding of Internet encryption. Towards the end of the page, [...]

]]> By: Nord http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-654 Nord Tue, 09 Feb 2010 20:04:23 +0000 http://luxsci.com/blog/?p=623#comment-654 Although AES won the world-wide competition for a new security standard to replace DES (and 3DES), it is not the only good encryption standard. Two other competitors receive uniformly good marks: Blowfish (128) and TwoFish (its successor). Although AES won the world-wide competition for a new security standard to replace DES (and 3DES), it is not the only good encryption standard.

Two other competitors receive uniformly good marks: Blowfish (128) and TwoFish (its successor).

]]> By: Secure Web Pages and Secure Web Forms: Steps to Security | LuxSci FYI http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-588 Secure Web Pages and Secure Web Forms: Steps to Security | LuxSci FYI Sun, 10 Jan 2010 03:03:06 +0000 http://luxsci.com/blog/?p=623#comment-588 [...] You can modify your web server configuration so that only levels of encryption that you approve can be used to access your site.  For more information, see 256-bit AES Encryption for SSL and TLS: Maximal Security. [...] [...] You can modify your web server configuration so that only levels of encryption that you approve can be used to access your site.  For more information, see 256-bit AES Encryption for SSL and TLS: Maximal Security. [...]

]]> By: Erik Kangas http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-549 Erik Kangas Fri, 04 Dec 2009 04:22:41 +0000 http://luxsci.com/blog/?p=623#comment-549 Note that while they support it, they will choose 128-bit over 256 bit when both are available on the server side. So, if you are connecting to a site that is not 256-bit only, these systems will use only 128-bit AES. Microsoft judges that the speed up using 128-bit is more important than the security of using 256-bit. Note that while they support it, they will choose 128-bit over 256 bit when both are available on the server side. So, if you are connecting to a site that is not 256-bit only, these systems will use only 128-bit AES. Microsoft judges that the speed up using 128-bit is more important than the security of using 256-bit.

]]> By: Derek http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-547 Derek Wed, 02 Dec 2009 17:18:03 +0000 http://luxsci.com/blog/?p=623#comment-547 According to TechNet IE on Vista/Windows 7 supports AES-256. http://technet.microsoft.com/en-us/library/cc766285(WS.10).aspx TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA According to TechNet IE on Vista/Windows 7 supports AES-256.

http://technet.microsoft.com/en-us/library/cc766285(WS.10).aspx

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA

]]> By: Erik Kangas http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-489 Erik Kangas Mon, 31 Aug 2009 01:06:53 +0000 http://luxsci.com/blog/?p=623#comment-489 Looks like Yahoo! Mail doesn't support AES 256 encryption -- so by restricting your browser to using it you have loced yourself out of Yahoo! Mail. Your choice is to either give up on the higher strength security so you can use Yahoo! Mail, or move to another email provider (like LuxSci) that does. Looks like Yahoo! Mail doesn’t support AES 256 encryption — so by restricting your browser to using it you have loced yourself out of Yahoo! Mail. Your choice is to either give up on the higher strength security so you can use Yahoo! Mail, or move to another email provider (like LuxSci) that does.

]]> By: Kevin Frederick http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-488 Kevin Frederick Mon, 31 Aug 2009 00:56:23 +0000 http://luxsci.com/blog/?p=623#comment-488 I have done the Mozilla AES-256 encryption method (editing the about:config) and now I cannot login Yahoo! Mail, this has never happened before and it had worked fine before I changed my config. I believe that Yahoo! Mail is safe enough to log on, yet I cannot do so. Here is the message I am receiving: Secure Connection Failed An error occurred during a connection to login.yahoo.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) * The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. Any ideas? I have done the Mozilla AES-256 encryption method (editing the about:config) and now I cannot login Yahoo! Mail, this has never happened before and it had worked fine before I changed my config. I believe that Yahoo! Mail is safe enough to log on, yet I cannot do so.
Here is the message I am receiving:

Secure Connection Failed

An error occurred during a connection to login.yahoo.com.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

* The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

* Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

Any ideas?

]]> By: Erik Kangas http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-472 Erik Kangas Sat, 15 Aug 2009 01:38:46 +0000 http://luxsci.com/blog/?p=623#comment-472 Hello, There is nothing wrong or out of date here. The thing is that Vista supports AES256 and AES128, but given the choice of the two will pick AES128 for speed over security. XP doesn't support AES at all by default. In your web server, you specified only 2 possible ciphers -- and the only AES one you allow is AES256. Thus, given the choice between AES256 and RC4, Vista will happily choose AES256. XP will choose RC4 as it does not support AES. This is what you see. However, if you included AES128 in your list of allowed ciphers, then Vista would use that instead of AES256. Hello,

There is nothing wrong or out of date here. The thing is that Vista supports AES256 and AES128, but given the choice of the two will pick AES128 for speed over security. XP doesn’t support AES at all by default.

In your web server, you specified only 2 possible ciphers — and the only AES one you allow is AES256. Thus, given the choice between AES256 and RC4, Vista will happily choose AES256. XP will choose RC4 as it does not support AES. This is what you see. However, if you included AES128 in your list of allowed ciphers, then Vista would use that instead of AES256.

]]> By: Serge Fonville http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-468 Serge Fonville Thu, 13 Aug 2009 15:09:40 +0000 http://luxsci.com/blog/?p=623#comment-468 I'm not sure how up to date this is, but: I am running apache 2.2 on Vista Home Premium x64 and have set SSLCipherSuite AES256-SHA:RC4-MD5 and when I connect to my website from the same system, the ssl access log shows AES256-SHA, when I connecto from XP Home x32 to the site the log says RC4-MD5. Perhaps this is specific to Vista x64... My Vista and XP both have the most recent updates I’m not sure how up to date this is, but:
I am running apache 2.2 on Vista Home Premium x64 and have set SSLCipherSuite AES256-SHA:RC4-MD5 and when I connect to my website from the same system, the ssl access log shows AES256-SHA, when I connecto from XP Home x32 to the site the log says RC4-MD5. Perhaps this is specific to Vista x64…
My Vista and XP both have the most recent updates

]]> By: How Does Secure Socket Layer (SSL) Work? | LuxSci FYI | LuxSci FYI http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html/comment-page-1#comment-317 How Does Secure Socket Layer (SSL) Work? | LuxSci FYI | LuxSci FYI Thu, 12 Mar 2009 12:46:37 +0000 http://luxsci.com/blog/?p=623#comment-317 [...] Ciphers: SSL uses one of a large variety of possible “ciphers” to perform the symmetric encryption.  Use of a poor/weak cipher can result in fast SSL that is easily compromised.  Currently, it is recommended that one use 128-bit or stronger AES encryption as your cipher.  See: 256-bit AES Encryption for SSL and TLS: Maximal Security. [...] [...] Ciphers: SSL uses one of a large variety of possible “ciphers” to perform the symmetric encryption.  Use of a poor/weak cipher can result in fast SSL that is easily compromised.  Currently, it is recommended that one use 128-bit or stronger AES encryption as your cipher.  See: 256-bit AES Encryption for SSL and TLS: Maximal Security. [...]

]]>