473,320 Members | 1,949 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Configure SSL Encryption Strength

Short version:
Is there a way to configure (preferably programmatically) the max encryption
strength that will be used by the framework when connecting to a particular
SSL-protected web service?

Long version:
Historically, browsers could only be exported to certain countries if they
supported only 40 and 56 bit encryption; 128 bit was restricted. I believe,
based on my readings thus far, that this refers to the strength of the
symmetric key which is negotiated during the SSL handshake and subsequently
used on all data transferred during the session.

I also understand from my readings that the handshaking/negotiation process
attempts to automatically identify and use the strongest encryption supported
by both parties (and in fact, in older versions of SSL, the possibility of
intercepting and altering the support lists was a very real shortcoming of
the protocol).

The above suggests to me that there must be some means provided by the .NET
framework by which I can have control over the maximum strength which a
client application will report it supports to a web service hosted on a
server. Naturally, whether the server will allow that encryption strength is
left to the server configuration.

Unfortunately, I can find no documentation or other material about this
subject. Is there a way to control the max supported encryption strength
that the framework reports to the server? I am specifically speaking about
using the 2.0 framework and using a class deriving from
HttpWebClientProtocol. If there is another approach that would more easily
allow this capability, I'm all ears.

It might be useful to note that I am using client authentication; therefore
a client certificate is also involved. Is it possible that I am incorrect in
my assumptions that this would be controlled by the framework, and that it is
instead determined by content of the certificates? The certificates have
their own strength, but as I understand that is separately used by only the
private-key negotiation process.
Feb 28 '07 #1
1 3050
For anybody who reads this thread, I just came accross something that
suggests the encryption strength may in fact be dictated by the key length of
the server/client certificates. Assuming I can trust this article, I guess
my question is thus answered.

From
http://www.microsoft.com/technet/pro...y/c06iis.mspx:

"When a user attempts to establish an SSL session with your Web server, the
user's browser and the server use the bit length of their encryption keys to
determine the strongest level of encryption possible. If the encryption keys
use 512 bits, the level of encryption is set to 40 bits. If the encryption
keys use 1024 bits, the level of encryption is set to 128 bits. Other key bit
lengths and encryption levels are available."
Mar 1 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: dracolytch | last post by:
Hey gang, I need to do some encryption/decryption on some strings, so that I can pass information in the URL in plain sight. Unfortunately, I have little control over this particular server, so...
34
by: Blake T. Garretson | last post by:
I want to save some sensitive data (passwords, PIN numbers, etc.) to disk in a secure manner in one of my programs. What is the easiest/best way to accomplish strong file encryption in Python? ...
113
by: Bonj | last post by:
I was in need of an encryption algorithm to the following requirements: 1) Must be capable of encrypting strings to a byte array, and decyrpting back again to the same string 2) Must have the same...
14
by: Xarky | last post by:
Hi, I would like to enrypt and decrypt a simple line of text, with a private(symmetric) key. I have tried searching in the System.Cryptography class, but I can't find a simple way of doing this...
14
by: david | last post by:
I have developed web forms including login by using ASP.NET via HTTP. Now I want to secure the connection from client to the server via HTTPS. How can I configure the server or something else to...
2
by: DarthPeePee | last post by:
Hello everyone. I am working on a Password Strength Meter and I am running into 1 problem that I would like to fix. When pressing the "Clear Password & Try Again" button, the password clears...
0
by: improvcornartist | last post by:
Does anyone know how/where to go about testing the strength of an encryption? For example, if the encrypted string is bunzezecnuadnhyyycjpcobedujcbtoycbwabx...
3
by: 2803stan | last post by:
Using V9 for LUW, client-server, there is an option when configuring the connections to use "server-encrypt." It seems that this encrypts everything in the client-server interchange. Does...
3
by: Toby Webb | last post by:
Hi, can anyone help please? I am trying to get infromation from my wireless card, such as signal strength and a list of SSIDs that it can see. I have been able to get the signal strength (see...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.