473,382 Members | 1,541 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,382 software developers and data experts.

Configure SSL Encryption Strength

Short version:
Is there a way to configure (preferably programmatically) the max encryption
strength that will be used by the framework when connecting to a particular
SSL-protected web service?

Long version:
Historically, browsers could only be exported to certain countries if they
supported only 40 and 56 bit encryption; 128 bit was restricted. I believe,
based on my readings thus far, that this refers to the strength of the
symmetric key which is negotiated during the SSL handshake and subsequently
used on all data transferred during the session.

I also understand from my readings that the handshaking/negotiation process
attempts to automatically identify and use the strongest encryption supported
by both parties (and in fact, in older versions of SSL, the possibility of
intercepting and altering the support lists was a very real shortcoming of
the protocol).

The above suggests to me that there must be some means provided by the .NET
framework by which I can have control over the maximum strength which a
client application will report it supports to a web service hosted on a
server. Naturally, whether the server will allow that encryption strength is
left to the server configuration.

Unfortunately, I can find no documentation or other material about this
subject. Is there a way to control the max supported encryption strength
that the framework reports to the server? I am specifically speaking about
using the 2.0 framework and using a class deriving from
HttpWebClientProtocol. If there is another approach that would more easily
allow this capability, I'm all ears.

It might be useful to note that I am using client authentication; therefore
a client certificate is also involved. Is it possible that I am incorrect in
my assumptions that this would be controlled by the framework, and that it is
instead determined by content of the certificates? The certificates have
their own strength, but as I understand that is separately used by only the
private-key negotiation process.
Feb 28 '07 #1
1 3054
For anybody who reads this thread, I just came accross something that
suggests the encryption strength may in fact be dictated by the key length of
the server/client certificates. Assuming I can trust this article, I guess
my question is thus answered.

From
http://www.microsoft.com/technet/pro...y/c06iis.mspx:

"When a user attempts to establish an SSL session with your Web server, the
user's browser and the server use the bit length of their encryption keys to
determine the strongest level of encryption possible. If the encryption keys
use 512 bits, the level of encryption is set to 40 bits. If the encryption
keys use 1024 bits, the level of encryption is set to 128 bits. Other key bit
lengths and encryption levels are available."
Mar 1 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: dracolytch | last post by:
Hey gang, I need to do some encryption/decryption on some strings, so that I can pass information in the URL in plain sight. Unfortunately, I have little control over this particular server, so...
34
by: Blake T. Garretson | last post by:
I want to save some sensitive data (passwords, PIN numbers, etc.) to disk in a secure manner in one of my programs. What is the easiest/best way to accomplish strong file encryption in Python? ...
113
by: Bonj | last post by:
I was in need of an encryption algorithm to the following requirements: 1) Must be capable of encrypting strings to a byte array, and decyrpting back again to the same string 2) Must have the same...
14
by: Xarky | last post by:
Hi, I would like to enrypt and decrypt a simple line of text, with a private(symmetric) key. I have tried searching in the System.Cryptography class, but I can't find a simple way of doing this...
14
by: david | last post by:
I have developed web forms including login by using ASP.NET via HTTP. Now I want to secure the connection from client to the server via HTTPS. How can I configure the server or something else to...
2
by: DarthPeePee | last post by:
Hello everyone. I am working on a Password Strength Meter and I am running into 1 problem that I would like to fix. When pressing the "Clear Password & Try Again" button, the password clears...
0
by: improvcornartist | last post by:
Does anyone know how/where to go about testing the strength of an encryption? For example, if the encrypted string is bunzezecnuadnhyyycjpcobedujcbtoycbwabx...
3
by: 2803stan | last post by:
Using V9 for LUW, client-server, there is an option when configuring the connections to use "server-encrypt." It seems that this encrypts everything in the client-server interchange. Does...
3
by: Toby Webb | last post by:
Hi, can anyone help please? I am trying to get infromation from my wireless card, such as signal strength and a list of SSIDs that it can see. I have been able to get the signal strength (see...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.