
256-bit AES Encryption for SSL and TLS: Maximal Security

SSL and TLS are the workhorses that provide the majority of the security in data transmitted over the Internet today. However, most people do not know that the degree of security and privacy in a “secure” connection of this sort can vary from “almost none” to “really, really good … good enough for US government TOP SECRET data”. The piece that varies, and thus sets the level of security, is the “cipher” or “encryption technique”. There are a large number of different ciphers: some are very fast and very insecure, some are slower and very secure, and some weak ones (export-grade ciphers) are left over from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

More about AES

AES has been available in most cryptographic libraries for a long time. It was available in “OpenSSL” starting in 2002 with v0.9.7. OpenSSL is the foundation of most SSL services in UNIX and Linux environments, such as those used by LuxSci. GPG, the open source implementation of PGP, also includes an AES 256 option.

So, while AES is the new kid on the block, it has been around long enough to permeate most software. However, as we shall see, this does not mean that it is actually being used on your computer!

How Secure is 256-bit AES?

AES is FIPS (Federal Information Processing Standard) certified and there are currently no known non-brute-force direct attacks against AES (except some side channel timing attacks on the processing of AES that are not feasible over a network environment and thus not applicable to SSL in general). In fact, AES security is strong enough to be certified for use by the US government for top secret information.

“The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.” (Lynn Hathaway, June 2003 – reference.)

If you have the choice of encryption methods, 256-bit AES is the method to choose.  Also good are 128-bit and 192-bit versions of AES.

The Beast Attack and SSL-secured web sites

For SSL used for web site traffic (as opposed to other uses such as IMAP, SMTP, encryption of files, etc.), there is an attack known as The Beast. In this attack, people in a trusted location on your network can potentially break into your SSL session and eavesdrop on your communications.

The solution is to use TLS v1.1+ ciphers. However, BEAST is no longer considered an important attack vector.


Are there alternatives to AES?

There are many alternative ciphers that can be used in SSL and TLS. Good alternatives or additions to your cipher suite include “3DES” (e.g. for compatibility with Windows XP). We would not recommend using RC4 anymore, due to known weaknesses. If you look at the list of ciphers recommended by FIPS/NIST for high security, they are all essentially AES or DES with various hashes, key exchange protocols, etc.

How is the cipher chosen in an SSL or TLS session?

In general, when an SSL client, such as an email program or web browser, connects to a server and wishes to use SSL or TLS, the client sends the server a list of encryption ciphers that it supports.  The server then goes through the list, in order, and chooses the first match that it also supports.  Usually, the client orders the list with the most secure methods first, so that the most secure method supported by both the client and server is selected.  Sometimes, the client orders the list based on other criteria to make a compromise between security and speed; this can result in a sub-optimal cipher being chosen.

Most modern web and email servers that support SSL encryption, like LuxSci’s servers, support many different strong encryption techniques, all the way up to 128-bit RC4 and 256-bit AES. They provide a variety, instead of just a single really good method, so that users who have old or broken software can still take advantage of encryption, even if it is weaker than it should ideally be.

Additionally, most companies that provide security services do not permit use of techniques that are deemed “too weak” and which can be broken very easily (like the old “export grade ciphers” that used to be in prevalent use). So, if you are connecting to a reputable service provided over SSL or TLS, the type of encryption that will be used is almost certainly determined by your client program (i.e. email program or web browser) based on the options (and the order thereof) presented by the server.

What encryption techniques are supported by modern web browsers?

For any given web browser, it is easy to see the best encryption technique it supports by browsing to the web site:

Checking out some of the current browsers available, we see:

| Web Browser                    | Operating System               | Best Cipher | Verdict |
|--------------------------------|--------------------------------|-------------|---------|
| Native Android Browser (LG G3) | Android v4.4.2+                | AES 256-bit | Good!   |
| Chrome v39+                    | Android v4.4.2+                | AES 256-bit | Good!   |
| FireFox Mobile v8+             | Android                        | AES 256-bit | Good!   |
| Safari                         | iOS v8+ (iPhone/iPad/etc.)     | AES 256-bit | Good    |
| Safari                         | iOS v5.0.1                     | AES 128-bit | Good    |
| Safari                         | iOS v2.2                       | AES 128-bit | Good    |
| Silk                           | Kindle Fire                    | RC4 128-bit | Fair    |
| FireFox v35+                   | Windows XP & Vista, Mac OSX    | AES 256-bit | Good!   |
| FireFox v8+                    | Windows XP & Vista, Mac OSX    | AES 256-bit | Good!   |
| FireFox v3.0.5                 | Windows XP & Vista, Mac OSX    | AES 256-bit | Good!   |
| Safari v8+                     | Windows Vista/7, Mac OSX       | AES 256-bit | Good    |
| Safari v5.1.2                  | Windows Vista/7, Mac OSX       | AES 128-bit | Good    |
| Safari v3.2.1                  | Windows Vista, Mac OSX         | AES 128-bit | Good    |
| Safari v3.2.1                  | Windows XP                     | RC4 128-bit | Fair    |
| Chrome v40+                    | Windows Vista/7, Mac OSX       | AES 256-bit | Good!   |
| Chrome v15+                    | Windows Vista/7, Mac OSX       | AES 256-bit | Good!   |
| Chrome v1.x                    | Windows Vista                  | AES 128-bit | Good    |
| Chrome v1.x                    | Windows XP                     | RC4 128-bit | Fair    |
| Internet Explorer v11          | Windows 7                      | AES 256-bit | Good    |
| Internet Explorer v9           | Windows 7                      | AES 128-bit | Good    |
| Internet Explorer v9           | Windows Vista                  | RC4 128-bit | Fair    |
| Internet Explorer v7 & v8      | Windows Vista                  | AES 128-bit | Good    |
| Internet Explorer v8           | Windows XP                     | RC4 128-bit | Fair    |
| Internet Explorer v7           | Windows XP                     | RC4 128-bit | Fair    |
| Internet Explorer v6           | Windows XP                     | RC4 128-bit | Fair    |
| Opera v26+                     | Mac OSX                        | AES 256-bit | Good!   |
| Opera v11.10+                  | Windows Vista                  | AES 256-bit | Good!   |
| Opera v9.62                    | Windows XP & Vista             | AES 256-bit | Good!   |

So, by default, only some browsers will take advantage of AES encryption when it is available. We also see that any program that uses the Windows default SSL libraries will use RC4 in Windows XP and 128-bit AES in Windows Vista. So, anyone using Windows XP (or 2000) should really use a program that includes its own SSL cipher management (e.g. FireFox, Opera).

What encryption techniques are supported by modern email programs?

Asking this question about web browsers raises the question of what is supported by the various email programs out there. Clearly, if you are using a WebMail interface to your email, then the answer depends on what web browser you are using.

Note that email connections are not subject to The Beast attack.

We tested several popular email programs to see what encryption cipher they end up using when connected to a server like LuxSci’s that supports a variety of strong ciphers [1]. Here are the results:

| Email Program           | Operating System   | Verdict | Results |
|-------------------------|--------------------|---------|---------|
| Mozilla Thunderbird v2+ | Windows XP & Vista | Good!   | 256-bit AES |
| Thunderbird v2+         | Mac OSX v10.4.11   | Good!   | 256-bit AES |
| Outlook 2010            | Windows 7          | Good!   | 256-bit AES |
| Outlook 2007            | Windows XP         | Fair    | 128-bit RC4 is the best supported |
| Outlook 2007            | Windows Vista      | Good    | 128-bit AES chosen (256-bit is there, but it is not listed first in the program and thus not used) |
| Outlook 2003            | Windows XP         | Fair    | 128-bit RC4 is the best supported |
| (not given)             | Mac OSX v10.10     | Good    | 256-bit AES |
| (not given)             | Mac OSX v10.5.5    | Good    | 128-bit AES chosen (256-bit is there, but it is not listed first in the program and thus not used) |
| (not given)             | Mac OSX v10.4.11   | Good    | 128-bit AES chosen (256-bit is there, but it is not listed first in the program and thus not used) |
| (not given)             | iPhone v2.2        | Good    | 128-bit AES chosen (256-bit is there, but it is not listed first in the program and thus not used) |
| Eudora v7               | Windows XP         | Good    | 256-bit AES |
| Eudora v8               | Mac OSX v10.4      | Good    | 256-bit AES |
| Entourage v12           | Mac OSX v10.4      | Fair    | DES |

We see a similar pattern here. In most cases, the cipher used depends on the operating system and not the program. Some programs roll their own SSL (e.g. Thunderbird/Eudora) and some use the OS built-in libraries. So, from this we can infer that any newer version of Outlook on Vista or Windows 7+ will go for at least 128-bit AES, most things on Windows XP will use 128-bit RC4, etc.

How to force use of 256-bit AES for secure web and secure email

As discussed above, the choice of client program (web browser or email client) is the prime determinant of what encryption cipher will be used. So, for example, if you use Mozilla Firefox or Opera for web browsing and Mozilla Thunderbird for email, you will be using 256-bit AES encryption, as long as it is supported by the server.

However, if you would like to go a step further and be sure that you do not make any secure connection unless 256-bit AES encryption is used, that is also possible.  This level of security is needed if your organization mandates that secure connections use 256-bit AES, or if you do not trust that all of the servers which you connect to will have good security ciphers in place.

It is also useful if the web sites you connect to have prioritized RC4 over AES, but you know that your browser is safe from The Beast attack (e.g. you are using TLS v1.1+) and you would prefer AES. Currently, the most recent versions of almost all modern browsers (e.g. Internet Explorer, FireFox, Chrome, Opera) are safe from The Beast; old browsers, however, are still affected by it.

Following the instructions below, you can be sure that 256-bit AES will be used for all secure connections; the connections will flat out fail if the server doesn’t support this encryption technique.  If you have instructions appropriate for other operating systems or programs, please drop us a comment!

Note that if you remove RC4 cipher support, you may not be able to connect to some web sites: ones that require RC4 and do not present other options. They are out there; the pizza place near our offices where we can order lunch online is one example.

Mozilla Firefox:

  1. Type “about:config” in the address bar to open up the detailed list of configuration parameters.
  2. Make sure that “security.tls.version.min” is “1” to turn off support for SSLv2 and SSLv3.
  3. Search for “security.ssl3”.
  4. Change to “false” the value for all ciphers that do not include “aes_256” in the name (e.g. the RC4, camellia and des ones). This will make them no longer available for use.
  5. You will be left with various versions of AES 256 with TLS v1.0+.
  6. You don’t even have to restart Firefox for this to take effect!

Note that there is a cool plugin for FireFox called “CipherFox” that allows you to view the cipher information for any site you are connected to.

Mozilla Thunderbird: (see also optimization tips for Thunderbird)

  1. Select “Options” from the “Tools” menu
  2. Under the “General” section of the “Advanced” tab of the resulting “Options” dialog box, click on the “Config Editor…” button.
  3. Follow the same instructions as for Firefox in terms of disabling SSLv2 and SSLv3, and turning off all ciphers that do not include “aes_256” in the name.
  4. Restart Thunderbird so that any persistent connections are broken and re-opened.
  5. Make sure that your email accounts are all configured to use SSL or TLS (not “if available”, but “always”).
  6. If possible at your email provider, disallow insecure connections to your account altogether. This will make the connection fail even if the email program is accidentally configured to make an insecure connection. (LuxSci allows this to be set at the user level or to be enforced by policy account-wide).
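The Firefox and Thunderbird steps above both come down to the same edit: set “security.tls.version.min” and switch off every “security.ssl3” cipher pref whose name lacks “aes_256”. The script below is an added example (not LuxSci’s or Mozilla’s code) that writes those changes as a user.js file, which both programs read from the profile directory at startup; the pref names in SAMPLE_PREFS are a constructed sample of the names seen in about:config of that era, so check your own list.

```python
import re

# Constructed sample of the cipher prefs shown under "security.ssl3" in
# about:config (True = cipher currently enabled).  Names follow the
# security.ssl3.<keyexchange>_<cipher>_<mac> pattern; the exact set differs
# between Firefox/Thunderbird versions, so verify against your own profile.
SAMPLE_PREFS = {
    "security.ssl3.rsa_aes_256_sha": True,
    "security.ssl3.ecdhe_rsa_aes_256_sha": True,
    "security.ssl3.ecdhe_ecdsa_aes_256_sha": True,
    "security.ssl3.rsa_aes_128_sha": True,
    "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256": True,
    "security.ssl3.rsa_rc4_128_md5": True,
    "security.ssl3.rsa_rc4_128_sha": True,
    "security.ssl3.ecdhe_rsa_rc4_128_sha": True,
    "security.ssl3.rsa_des_ede3_sha": True,
    "security.ssl3.rsa_camellia_256_sha": True,
    "security.ssl3.dhe_rsa_camellia_128_sha": False,
}

CIPHER_PREFIX = "security.ssl3."
KEEP_MARKER = "aes_256"            # the article's rule: keep only these
TLS_MIN_PREF = "security.tls.version.min"
PREF_LINE = re.compile(r'user_pref\("([^"]+)",\s*(true|false|\d+)\);')


def split_prefs(prefs, keep_marker=KEEP_MARKER):
    """Return (kept, to_disable): enabled cipher prefs whose name contains
    keep_marker, and enabled cipher prefs that do not.  Prefs that are
    already false need no change and are left out of both lists."""
    kept, to_disable = [], []
    for name, enabled in sorted(prefs.items()):
        if not name.startswith(CIPHER_PREFIX) or not enabled:
            continue
        (kept if keep_marker in name else to_disable).append(name)
    return kept, to_disable


def render_user_js(prefs, tls_min=1):
    """Build the user.js text: minimum TLS version (1 = TLS 1.0, which
    turns off SSLv3) plus a 'false' line for every enabled cipher pref
    that is not an AES-256 one."""
    _, to_disable = split_prefs(prefs)
    lines = ['user_pref("%s", %d);' % (TLS_MIN_PREF, tls_min)]
    lines += ['user_pref("%s", false);' % name for name in to_disable]
    return "\n".join(lines) + "\n"


def apply_user_js(prefs, user_js):
    """Simulate the profile loading user.js: parse the text back and
    return the resulting pref map (so the output format is checked too)."""
    result = dict(prefs)
    for name, value in PREF_LINE.findall(user_js):
        result[name] = value == "true" if value in ("true", "false") else int(value)
    return result


def remaining_ciphers(prefs):
    """Cipher prefs still enabled after the change has been applied."""
    return sorted(n for n, v in prefs.items() if n.startswith(CIPHER_PREFIX) and v)


if __name__ == "__main__":
    js = render_user_js(SAMPLE_PREFS)
    print(js)
    # Note: the "aes_256 only" rule also switches off the AES-128-GCM suite;
    # that is what the article intends (256-bit AES or no connection).
    print("still enabled:", remaining_ciphers(apply_user_js(SAMPLE_PREFS, js)))
```

Save the printed text as user.js in the profile directory (Firefox or Thunderbird) and restart; prefs set in user.js are re-applied on every start, so a later about:config change will not silently undo the lock-down.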

Google Chrome

Chrome generally uses whatever SSL support is available via your computer’s operating system. So, if you change the cipher order or remove RC4 via the operating system (see below), that should solve the issue for you in Chrome.

We have found that if you start Chrome with some additional command-line parameters, you can force TLS v1.0+ and block the use of certain ciphers. For example, adding this to your Chrome shortcut (as the “Arguments”) or command line:

--ssl-version-min=tls1 --cipher-suite-blacklist=0x0005,0x0004,0xc011,0xc007

will block RC4 usage.

Internet Explorer

To disable RC4 or make AES256 the main cipher, you will need to change the cipher support in your Windows operating system. See below for how.


  • Off topic, but Skype uses 256-bit AES encryption, so if you use it for chat or voice calls, your data is also being encrypted in this fashion.

Windows Vista, Windows 7+

As we have seen, Windows Vista and higher do support 256-bit AES, but they publish 128-bit AES first in the list, so that is what is used by most applications in a Windows environment that rely on Windows’ built-in SSL libraries (e.g. Internet Explorer, Chrome, Outlook, etc.).

If you have Windows “Small Business Edition” or better, you can remove ciphers that you do not want and change the order of their presentation by using the “group policy editor”.  For example, to make 256-bit AES the default choice, rather than 128-bit AES or RC4, follow these instructions:

  1. Open your group policy editor by entering gpedit.msc at a command prompt.
  2. Choose Computer Configuration | Administrative Templates | Network | SSL Configuration Settings.
  3. There’s only one item here: SSL Cipher Suite Order. Open it.
  4. Select Enabled.
  5. Now here’s where you need to tread carefully. You’ll see that the list is the same as above, but rather than formatted nicely with carriage returns, they’re simply separated with commas. The first item in the list is:
    And the second item is:
    Cursor your way through the list. Change that first 128 to 256. Then cursor forward a bit more and change the 256 to 128.  (If you can’t edit or type — copy the value, paste it into Notepad, edit it there, then paste it back in the field).
  6. If you want to get rid of RC4 and other non-AES ciphers, so that your computer uses AES instead of RC4, and you know that your browsers are safe from The Beast, remove the RC4 items in the list as well. E.g. TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, and SSL_CK_RC4_128_WITH_MD5
  7. Feel free to change other orders, too, but keep your changes within algorithm types.
  8. OK your way out, close the group policy editor, and reboot.

Similarly, you can use the same procedure to remove all ciphers that are not wanted and thus lock down Windows to AES-only encryption or 256-bit AES only encryption.

However, for those of us who have Home Basic or Home Premium Edition, there is no “group policy editor” (and if you copy it from another Windows, it won’t run) and it is thus much harder to make this change.  All of the settings that you would be changing above are found in the Windows Registry and can be changed directly therein.  We are not going to go into how to do this here, as it is not for the faint of heart. (See this link for more information on how to do this.)

If you are unsure what version of Windows you have, try the instructions above and see if gpedit.msc brings up a dialog box.

Locking down your web site (in Apache)

If you are the owner of a web site and have SSL security on it, you can “lock it down” so that the only cipher your web site supports is “256-bit AES”. This takes the choice out of the end user’s hands: either they use AES or they don’t connect securely. This is a good thing to do for very sensitive sites. However, the “danger” is that some of your users may be using web browsers that do not support AES (like old versions of Internet Explorer), and thus will not have any access to your site unless they change browsers.

To lock your site down to support only 128-bit and 256-bit AES (to get AES without requiring 256-bit, so that some browsers, such as those on older iPhones, will still work), you would add to your Apache httpd.conf file:

SSLCipherSuite AES256-SHA:AES128-SHA

This can be added globally, in a virtual host, or even in your .htaccess file.  It will ensure that any successful connection to your site will use one of these ciphers.  Just be sure to add it to the secure settings for your site and not just the insecure site area!  See more information here.
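The selection rule from “How is the cipher chosen in an SSL or TLS session?” and the lock-down line just above can be modelled together. The script below is an added example (not LuxSci’s code and not any TLS library’s negotiation): the client preference lists and the key-size lookup are constructed to mirror the article’s observations (Vista listing 128-bit AES before 256-bit, XP offering no AES, a Firefox locked to “aes_256”), and the server lists use OpenSSL-style names as in SSLCipherSuite. The honor_server_order switch stands in for Apache’s SSLHonorCipherOrder directive, which makes the server’s order win instead of the client’s.

```python
# Constructed client preference lists, most preferred first.
CLIENTS = {
    "Windows Vista (Schannel)": ["AES128-SHA", "AES256-SHA", "RC4-SHA", "RC4-MD5", "DES-CBC3-SHA"],
    "Windows XP (Schannel)": ["RC4-MD5", "RC4-SHA", "DES-CBC3-SHA"],
    "Firefox locked to aes_256": ["ECDHE-RSA-AES256-SHA", "AES256-SHA"],
}

# Server-side SSLCipherSuite lists, in the server's own preference order.
SERVER_PERMISSIVE = ["AES256-SHA", "AES128-SHA", "RC4-SHA", "RC4-MD5", "DES-CBC3-SHA"]
SERVER_AES_ONLY = ["AES256-SHA", "AES128-SHA"]    # the article's lock-down line
SERVER_AES256_OR_RC4 = ["AES256-SHA", "RC4-MD5"]  # the setup discussed in the comments

# Symmetric key length implied by each suite name (constructed lookup).
KEY_BITS = {"AES256": 256, "AES128": 128, "RC4": 128, "DES-CBC3": 168}


def negotiate(client_prefs, server_suites, honor_server_order=False):
    """Pick the first suite common to both lists.

    By default the client's order decides (the behaviour the article
    describes).  With honor_server_order=True the server walks its own list
    and takes the first suite the client also offers, which is what Apache's
    SSLHonorCipherOrder does.  None means no overlap: the handshake fails
    with the 'no common encryption algorithm(s)' error quoted in the comments.
    """
    if honor_server_order:
        first, second = server_suites, client_prefs
    else:
        first, second = client_prefs, server_suites
    return next((suite for suite in first if suite in second), None)


def key_bits(suite):
    """Symmetric key length of a suite, e.g. 'ECDHE-RSA-AES256-SHA' -> 256."""
    for token, bits in KEY_BITS.items():
        if token in suite:
            return bits
    raise ValueError("unknown suite: %s" % suite)


def survey(server_suites, honor_server_order=False):
    """Map each constructed client to the suite it ends up with (or None)."""
    return {name: negotiate(prefs, server_suites, honor_server_order)
            for name, prefs in CLIENTS.items()}


if __name__ == "__main__":
    for label, server in [("permissive", SERVER_PERMISSIVE),
                          ("AES only", SERVER_AES_ONLY),
                          ("AES256 or RC4", SERVER_AES256_OR_RC4)]:
        for honor in (False, True):
            print("server %-14s honor_server_order=%-5s %s" % (label, honor, survey(server, honor)))
```

Against the permissive server, Vista ends up on AES128-SHA unless the server enforces its own order, and a Firefox locked to AES-256 still connects; against the AES-only server, the XP client gets None, which is the connection failure the article warns about.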

In general, for a high security configuration for Apache, you will want to support only TLS v1.0+ and only NIST-recommended cipher suites. See: what level of TLS is required for HIPAA.


AES encryption is the way to go when using SSL, if you have any choice about it.  It won’t really affect speed or performance as long as your computer is not ancient.  If you have qualms about security, we highly recommend using a web browser and/or email client that will enable use of AES (which these days includes all modern programs).

Note that SSL and TLS protect only the data sent between you and the server. When you send and receive email, the message data travels over the Internet between the sender and recipient and will be unprotected, no matter how good your SSL is. For details on this, read The Case for Email Security. The solution in this situation is to use an end-to-end email encryption solution, like LuxSci’s SecureLine, in addition to SSL (SecureLine protects the message content, SSL protects your username and password).

[1] For actual email programs, we tested by running an “openssl” server on a secure IMAP port with debugging enabled. This logged the encryption techniques (ciphers) shared by the client and server as well as the one chosen.

16 Responses to “256-bit AES Encryption for SSL and TLS: Maximal Security”

  1. Head to Head Battle of the Email Clients | LuxSci FYI Says:

    […] not support AES SSL encryption unless you are using […]

  2. Optimizing Mozilla Thunderbird | LuxSci FYI Says:

    […] Forced use of 256-bit AES with SSL/TLS:  If you are very security conscious or have a requirement for using only 256-bit AES encryption when connecting to your email, you can configure Thunderbird so that this is the only encryption mode that it will use.  See: "256-bit AES Encryption for SSL and TLS: Maximal Security". […]

  3. iPhone: The Ultimate Mobile Email Client? | LuxSci FYI Says:

    […] LuxSci FYI News, Solutions, and Insider Notes « 256-bit AES Encryption for SSL and TLS: Maximal Security […]

  4. How You Can Tell if an Email Was Transmitted Using TLS Encryption? | LuxSci FYI Says:

    […] that have TLS support, indicates that the message was encrypted during transport with TLS using 256-bit AES encryption. (”Verify=not” means that LuxSci did not ask MX Logic for a second SSL client […]

  5. How Secure are Password-Protected Files? | LuxSci FYI Says:

    […] the file is encrypted with strong encryption, such as AES, the hacker needs to guess the password […]

  6. Why isn’t a Blackberry Secure Enough for Barack Obama? | LuxSci FYI Says:

    […] Down the BlackBerry: While you can lock down a Blackberry to use services securely with SSL (secure enough for secret clearance), etc., unless you have some special modifications to the Blackberry software, it is always […]

  7. How Does Secure Socket Layer (SSL) Work? | LuxSci FYI | LuxSci FYI Says:

    […] Ciphers: SSL uses one of a large variety of possible “ciphers” to perform the symmetric encryption.  Use of a poor/weak cipher can result in fast SSL that is easily compromised.  Currently, it is recommended that one use 128-bit or stronger AES encryption as your cipher.  See: 256-bit AES Encryption for SSL and TLS: Maximal Security. […]

  8. Serge Fonville Says:

    I’m not sure how up to date this is, but:
    I am running apache 2.2 on Vista Home Premium x64 and have set SSLCipherSuite AES256-SHA:RC4-MD5 and when I connect to my website from the same system, the ssl access log shows AES256-SHA, when I connect from XP Home x32 to the site the log says RC4-MD5. Perhaps this is specific to Vista x64…
    My Vista and XP both have the most recent updates

  9. Erik Kangas Says:


    There is nothing wrong or out of date here. The thing is that Vista supports AES256 and AES128, but given the choice of the two will pick AES128 for speed over security. XP doesn’t support AES at all by default.

    In your web server, you specified only 2 possible ciphers — and the only AES one you allow is AES256. Thus, given the choice between AES256 and RC4, Vista will happily choose AES256. XP will choose RC4 as it does not support AES. This is what you see. However, if you included AES128 in your list of allowed ciphers, then Vista would use that instead of AES256.

  10. Kevin Frederick Says:

    I have done the Mozilla AES-256 encryption method (editing the about:config) and now I cannot login Yahoo! Mail, this has never happened before and it had worked fine before I changed my config. I believe that Yahoo! Mail is safe enough to log on, yet I cannot do so.
    Here is the message I am receiving:

    Secure Connection Failed

    An error occurred during a connection to

    Cannot communicate securely with peer: no common encryption algorithm(s).

    (Error code: ssl_error_no_cypher_overlap)

    * The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

    * Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

    Any ideas?

  11. Erik Kangas Says:

    Looks like Yahoo! Mail doesn’t support AES 256 encryption — so by restricting your browser to using it you have locked yourself out of Yahoo! Mail. Your choice is to either give up on the higher strength security so you can use Yahoo! Mail, or move to another email provider (like LuxSci) that does.

  12. Derek Says:

    According to TechNet IE on Vista/Windows 7 supports AES-256.


  13. Erik Kangas Says:

    Note that while they support it, they will choose 128-bit over 256 bit when both are available on the server side. So, if you are connecting to a site that is not 256-bit only, these systems will use only 128-bit AES. Microsoft judges that the speed up using 128-bit is more important than the security of using 256-bit.

  14. Secure Web Pages and Secure Web Forms: Steps to Security | LuxSci FYI Says:

    […] You can modify your web server configuration so that only levels of encryption that you approve can be used to access your site.  For more information, see 256-bit AES Encryption for SSL and TLS: Maximal Security. […]

  15. Nord Says:

    Although AES won the world-wide competition for a new security standard to replace DES (and 3DES), it is not the only good encryption standard.

    Two other competitors receive uniformly good marks: Blowfish (128) and TwoFish (its successor).

  16. How to surf safe in today’s digital world? « Ovidiu Bernaschi's Blog Says:

    […] first I really think you should read this article if you’ve got a basic understanding of Internet encryption. Towards the end of the page, […]
