I have been trying to find the answer to this all day. I have googled, asked people in the know, trawled sites for SSL Cert vendors etc etc etc. Maybe my search-fu is just failing today. Anyway...
All the SSL cert vendors make claims that their SSL certificates 'support the highest level' of encryption. This high level that they refer to is 128bits to 256bits, as opposed to 40, 56 etc.
Now, as I understand it, there are two parts to SSL encryption. There is your asymmetric public key that you would typically set to 2048bits. It is clear that this is in the SSL cert and its length is obvious. The other part is the symmetric encryption keys that get passed after the initial handshake. I don't see any mention of this in any SSL certs.
The decision on which symmetric encryption algorithm is used is based on the cipher suites of the client (browser) and the server. If they both support 256bit encryption, then it will be used.
I do understand that in the 90's, the export restrictions were in place and exported browsers were restricted to 40bits. For this, there were special workarounds such as SGC certs. This is still needed on older browsers. That aside, a modern browser simply just supports 256bits.
It seems to me that the vendors claiming that their certs support 'high encryption' are just telling a white lie. Their certs do indeed support it as it has nothing to do with the cert itself (these days). Is this correct or am I completely off ball on this?
If I am indeed completely delusional and the symmetric encryption is specified in the cert, it should be possible to create a self-signed cert that has this, right? Is it possible to create one that does not support strong encryption? It would help me understand if I could find instructions to do this. Is it possible? I have created many self-signed certs before and signed CSRs with my own CA cert, yet I have never seen any configuration where you specify supported encryption strengths.
Looking around the intarwebs has not helped. People either talk about key strength in the context of the symmetric keys (40, 56, 128, 256) or they talk in the context of the asymmetric keys (512, 1024, 2048), but never about both and explain the difference. Someone in one forum will say you need to get a 256bit certificate and then in the next forum along someone says you need a 2048bit cert, even though all the SSL cert vendors claim to only support up to 256bit.
I get the impression there is a lot of misunderstanding out there about how this works. That or all the misunderstanding is in my poor head.
Sorry it was such a long one, but I want to understand this.
Thanks,
Tom...
OK, so I found the answer. Talk about answering your own questions! My brain was too frazzled on Friday so I missed this little tidbit.
From http://www.openssl.org/support/faq.html#USER14
- What is a "128 bit certificate"? Can I create one with OpenSSL?
The term "128 bit certificate" is a highly misleading marketing term. It does not refer to the size of the public key in the certificate! A certificate containing a 128 bit RSA key would have negligible security.
There were various other names such as "magic certificates", "SGC certificates", "step up certificates" etc.
You can't generally create such a certificate using OpenSSL but there is no need to any more. Nowadays web browsers using unrestricted strong encryption are generally available.
When there were tight restrictions on the export of strong encryption software from the US only weak encryption algorithms could be freely exported (initially 40 bit and then 56 bit). It was widely recognised that this was inadequate. A relaxation of the rules allowed the use of strong encryption but only to an authorised server.
Two slightly different techniques were developed to support this, one used by Netscape was called "step up", the other used by MSIE was called "Server Gated Cryptography" (SGC). When a browser initially connected to a server it would check to see if the certificate contained certain extensions and was issued by an authorised authority. If these tests succeeded it would reconnect using strong encryption.
Only certain (initially one) certificate authorities could issue the certificates and they generally cost more than ordinary certificates.
Although OpenSSL can create certificates containing the appropriate extensions the certificate would not come from a permitted authority and so would not be recognized.
The export laws were later changed to allow almost unrestricted use of strong encryption so these certificates are now obsolete.
This confirms what I am asking. In current times, there is no 'added support' for high strength encryption as it is the default. The usage on all the vendor websites is merely a marketing thing. Not lying, but needlessly bringing attention to the default values like it's a feature of theirs.
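The point above can be checked directly. The following is an added example, not part of the original post or of the OpenSSL FAQ: it creates one self-signed RSA-2048 certificate and completes two in-memory TLS 1.2 handshakes against it, changing only the client's cipher suite. It assumes the `openssl` command is on the PATH; the function names and the two cipher suites are choices made for this example.

```python
import os, ssl, subprocess, tempfile

def make_self_signed(directory):
    """Create one throwaway RSA-2048 self-signed cert (constructed test data)."""
    key, crt = os.path.join(directory, "key.pem"), os.path.join(directory, "cert.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "1",
                    "-subj", "/CN=localhost"], check=True, capture_output=True)
    return crt, key

def pump(src, dst):
    """Move pending TLS records from one side's outgoing BIO to the peer's incoming BIO."""
    data = src.read()
    if data:
        dst.write(data)

def negotiate(crt, key, client_ciphers):
    """Handshake in memory and return (cipher suite name, symmetric key bits)."""
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server.load_cert_chain(crt, key)              # the same certificate every time
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client.check_hostname = False                 # self-signed test cert: skip validation
    client.verify_mode = ssl.CERT_NONE
    client.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() governs TLS <= 1.2
    client.set_ciphers(client_ciphers)            # the only thing that varies
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    c = client.wrap_bio(c_in, c_out, server_hostname="localhost")
    s = server.wrap_bio(s_in, s_out, server_side=True)
    pending = [(c, c_out, s_in), (s, s_out, c_in)]
    for _ in range(10):                           # a TLS 1.2 handshake needs a few rounds
        for side, out_bio, peer_in in list(pending):
            try:
                side.do_handshake()
                pending.remove((side, out_bio, peer_in))
            except ssl.SSLWantReadError:
                pass                              # waiting for the peer's next flight
            pump(out_bio, peer_in)
        if not pending:
            break
    name, _protocol, bits = c.cipher()
    return name, bits

def demo():
    """Negotiate a 128-bit and a 256-bit suite against one and the same certificate."""
    with tempfile.TemporaryDirectory() as d:
        crt, key = make_self_signed(d)
        return [negotiate(crt, key, suite) for suite in
                ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384")]

if __name__ == "__main__":
    for name, bits in demo():
        print(f"{name}: {bits}-bit symmetric key, same RSA-2048 certificate")
```

The certificate and its 2048-bit key are identical in both runs; the 128 or 256 comes entirely from the cipher suite the two endpoints agree on.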