Comments on: Redirect HTTP to SSL with IIS http://www.bohack.com/2008/12/redirect-http-to-ssl-with-iis/ Check In and Tune Out! Fri, 28 May 2010 05:16:49 +0000 hourly 1 http://wordpress.org/?v=abc By: Bohack http://www.bohack.com/2008/12/redirect-http-to-ssl-with-iis/comment-page-1/#comment-80 Bohack Tue, 30 Dec 2008 15:06:06 +0000 http://www.bohack.com/?p=141#comment-80 My personal recommendation is to check 128 bit encryption most all browsers today support 128 bit encryption. I think that with Internet Explorer 4.0 it became a standard feature and in Windows NT 4.0 Service Pack 4 it was in the standard service pack for the OS to support it. I can't remember it was too long ago either way it was almost 10 years ago, todays browsers can support 128 bit, the only motivation for not checking it is CPU power on the server. As for the strength of the key that has nothing to do with the strength of the encryption. The certificate has been signed with a 1024 bit signature for authentication purposes, that is only the first stage of SSL. During the IKE or Internet Key Exchange the browser and the server will use the key and the Diffe Helman algorithm to create a mutual SSL key and strength that is where that check box is relevant. My personal recommendation is to check 128 bit encryption most all browsers today support 128 bit encryption. I think that with Internet Explorer 4.0 it became a standard feature and in Windows NT 4.0 Service Pack 4 it was in the standard service pack for the OS to support it. I can’t remember it was too long ago either way it was almost 10 years ago, todays browsers can support 128 bit, the only motivation for not checking it is CPU power on the server.

As for the strength of the key that has nothing to do with the strength of the encryption. The certificate has been signed with a 1024 bit signature for authentication purposes, that is only the first stage of SSL. During the IKE or Internet Key Exchange the browser and the server will use the key and the Diffe Helman algorithm to create a mutual SSL key and strength that is where that check box is relevant.

]]> By: Andre Alexanian http://www.bohack.com/2008/12/redirect-http-to-ssl-with-iis/comment-page-1/#comment-79 Andre Alexanian Tue, 30 Dec 2008 08:23:20 +0000 http://www.bohack.com/?p=141#comment-79 Thanks for your help.... this works great. One question, if my cert is 1024 bit, should I check the box to require 128 bit encryption? Thanks Andre Alexanian Thanks for your help…. this works great. One question, if my cert is 1024 bit, should I check the box to require 128 bit encryption?

Thanks

Andre Alexanian

]]>