Can someone set me straight because I know that Domino supports generating leyrings for 256-bit encryption (SSL/TLS-SL_RSA_WITH_AES_256_CBC_SHA).
When I create a keyring used for the CSR, I cannot select anything higher than 2048 bits. I’m still getting 128-bit encryption (no good)!?! The ordered certificate is supports 256-bit. Any ideas?
Subject: You’re confusing the RSA key size with the symmetric key size
The algorithm ((SSL/TLS-SL_RSA_WITH_AES_256_CBC_SHA) determines that a 256 bit AES bulk key will be used. The RSA keys and X.509 certificate placed in the keyring file determine the RSA key size. The two values are not connected or related in any fashion. Have you tried disabling all of the ciphers but AES-256? You might also want to check your web browser and see if it supports 256 bit AES ciphers; some browsers don’t or aren’t configured to support 256 bit keys by default.
Subject: Forcing 256-bit encryption (HTTP)
I will try disabling at the browser-level. We’ve tested chrome, IE8 and the latest FF and all report 128-bit. Can you force 256-bit at the server level? Notes.ini setting, etc.? Thanks in advance.