I've installed a certificate for a Google App Engine project using Virtual IP (VIP) as explained here: https://developers.google.com/appengine/docs/ssl
The certificate will use 256-bit encryption if the server supports it, but is currently using 128-bit encryption. Is there any way to get it to use 256-bit encryption instead? I have not been able to find anything about it in the documentation or anywhere else.
The handshake protocol and symmetric cipher used are chosen by the server after the client presents a list of acceptable ciphers; Google does not offer a way to alter their cipher preference.
App Engine appears to preferentially choose RC4-SHA (which pretty much anything that knows TLS 1.0 is going to have available) with an RSA key exchange. This was likely chosen to speed up the handshake (non-ephemeral Diffie-Hellman handshakes are up to 2x faster), minimize CPU use, and as a mitigating control for the BEAST attack against TLS 1.0 + CBC AES.
You're not sacrificing any significant security due to their selection of RC4-SHA, although it is interesting that they don't use ephemeral Diffie-Hellman or ECDHE key exchange for perfect forward secrecy given their public statements about using it on their other properties.
The word from the App Engine team:
"We only accept certificates with RSA keys with a minimum size of 1024 bits.
The certificate is only used to verify identity, while the data communications over the SSL channel are encrypted with the 'best' symmetric cipher commonly supported between the client and server.
Our servers support a whole bunch of symmetric ciphers, but we prefer AES128 over AES256. If a client only supports AES256 then we'll use it."
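The answer's point is that the client only proposes a cipher list and the server picks from it according to its own preference order, so the single lever a client has is to offer nothing but AES-256 suites. The following Python script is an added illustration and is not code from the question, the answer, or Google: `negotiate()` models the selection step (server-preference order versus client order), and `negotiated_cipher()` uses the standard `ssl` module to connect to a host with a restricted cipher list and report what was actually chosen. The preference list `APP_ENGINE_LIKE_PREFS` is a constructed stand-in for the ordering the answer describes (RC4-SHA first, AES128 ahead of AES256), not Google's published configuration.

```python
import socket
import ssl
from typing import Optional, Sequence

# Constructed server preference list modelled on the answer's description:
# RC4-SHA first, AES-128 preferred over AES-256. OpenSSL suite names are used.
# This is an assumption for illustration, not Google's actual configuration.
APP_ENGINE_LIKE_PREFS = ["RC4-SHA", "AES128-SHA", "AES256-SHA"]


def negotiate(client_offer: Sequence[str], server_prefs: Sequence[str],
              honor_server_order: bool = True) -> Optional[str]:
    """Return the cipher suite a TLS server would select.

    client_offer: suites listed in the ClientHello, in the client's preferred order.
    server_prefs: suites the server supports, in the server's preferred order.
    honor_server_order: True models a server that applies its own ordering
    (OpenSSL's SSL_OP_CIPHER_SERVER_PREFERENCE); False models a server that
    takes the first mutually supported suite in the client's order.
    Returns None when there is no overlap; a real server would then abort the
    handshake with a handshake_failure alert.
    """
    if honor_server_order:
        first, second = server_prefs, client_offer
    else:
        first, second = client_offer, server_prefs
    common = set(second)
    for suite in first:
        if suite in common:
            return suite
    return None


def negotiated_cipher(host: str, cipher_string: str = "DEFAULT", port: int = 443):
    """Connect to host over TLS and return (cipher_name, protocol_version, key_bits).

    cipher_string is an OpenSSL cipher-list string; "AES256" restricts the
    ClientHello to AES-256 suites, which is the only lever a client has.
    Note that set_ciphers() governs TLS 1.2 and earlier only; TLS 1.3 suites
    are negotiated separately. Requires network access, so it is not run offline.
    """
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_string)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()


if __name__ == "__main__":
    # A client that prefers AES-256 still gets RC4-SHA when the server
    # applies its own ordering, and only gets AES-256 if it offers nothing else.
    browser = ["AES256-SHA", "AES128-SHA", "RC4-SHA"]
    print(negotiate(browser, APP_ENGINE_LIKE_PREFS))                              # RC4-SHA
    print(negotiate(browser, APP_ENGINE_LIKE_PREFS, honor_server_order=False))    # AES256-SHA
    print(negotiate(["AES256-SHA"], APP_ENGINE_LIKE_PREFS))                       # AES256-SHA
    print(negotiate(["CAMELLIA128-SHA"], APP_ENGINE_LIKE_PREFS))                  # None
    # Live check against a real endpoint (replace the hostname with your own):
    # print(negotiated_cipher("example.appspot.com", "AES256"))
```

The same live check can be done from a shell with `openssl s_client -cipher AES256 -connect host:443`, which prints the negotiated suite in its `Cipher` line; if the server refuses every AES-256 suite the handshake fails rather than falling back.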