views: 2458

answers: 3

I'm trying to create a self-signed certificate for use with Apache Tomcat 6. Every certificate I can make always results in the browser connecting with AES-128. The customer would like me to demonstrate that I can create a connection at AES-256.

I've tried Java's keytool and openssl. I've tried with a variety of parameters, but can't seem to specify anything about the keysize, just the signature size.

How can I get the browser-tomcat connection to use AES-256 with a self-signed certificate?

+1  A: 

danivo, so long as the server's cert is capable of AES encryption, the level of encryption between the browser and the server is independent of the cert itself -- that level of encryption is negotiated between the browser and server. In other words, my understanding is that the cert doesn't specify the level of encryption, just the type of encryption (e.g., AES). See this link (PDF) for verification of this, and how the cert resellers upsell "256-bit-capable" certs despite the cert not being what determines 256-bit capability.

So you're just fine with the cert you have that supports AES-128 -- and the key is to figure out how to get Tomcat to support AES-256 (since most, if not all, major browsers certainly support it).

delfuego
+1  A: 

The strength of the SSL connection is negotiated between the browser and the server (or whatever is providing SSL). It might be their browser asking for a weaker cipher. Have they ever seen a 256-bit AES SSL connection on this browser? AES-128 is still a very secure algorithm, so unless they have something that they want to protect from offline attack (think: supercomputer brute force generating 2^128 keys [Wikipedia]), 128-bit should be fine. If they really need that much protection, they probably should be using a more stable solution for data access than a website; a secure SSH tunnel to their server is bulletproof (you can tell them they can have their 256-bit AES and 4096-bit RSA too), or a VPN depending upon implementation.

alif
+6  A: 

Okie doke, I think I just figured this out.

As I said above, the key bit of knowledge is that the cert doesn't matter, so long as it's generated with an algorithm that supports AES 256-bit encryption (e.g., RSA). Just to make sure that we're on the same page, for my testing, I generated my self-signed cert using the following:

    keytool -genkey -alias tomcat -keyalg RSA

Now, you have to make sure that your Java implementation on your server supports AES-256, and this is the tricky bit. I did my testing on an OS X (OS 10.5) box, and when I checked to see the list of ciphers that it supported by default, AES-256 was NOT on the list, which is why using that cert I generated above only was creating an AES-128 connection between my browser and Tomcat. (Well, technically, TLS_RSA_WITH_AES_256_CBC_SHA was not on the list -- that's the cipher that you want, according to this JDK 5 list.)

For completeness, here's the short Java app I created to check my box's supported ciphers:

    import java.util.Arrays;
    import javax.net.ssl.SSLSocketFactory;

    public class CipherSuites {
      public static void main(String[] args) {
        // The JVM-wide default factory reflects the installed JSSE provider and policy files.
        SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Cipher suites that are enabled by default on sockets from this factory.
        String[] ciphers = sslsf.getDefaultCipherSuites();
        Arrays.sort(ciphers);
        for (String cipher : ciphers) {
          System.out.println(cipher);
        }
      }
    }

It turns out that JDK 5, which is what this OS X box has installed by default, needs the "Unlimited Strength Jurisdiction Policy Files" installed in order to tell Java that it's OK to use the higher-bit encryption levels; you can find those files here (scroll down and look at the top of the "Other Downloads" section). I'm not sure offhand if JDK 6 needs the same thing done, but the same policy files for JDK 6 are available here, so I assume it does. Unzip that file, read the README to see how to install the files where they belong, and then check your supported ciphers again... I bet AES-256 is now on the list.

If it is, you should be golden; just restart Tomcat, connect to your SSL instance, and I bet you'll now see an AES-256 connection.

delfuego
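
The following is an added example, not part of any answer above. It extends the cipher-listing check to report which layer is blocking AES-256: the JCE policy key-length cap, the default-enabled suite list, or the provider itself. The class name `Aes256Check` and the helper `diagnose` are hypothetical names chosen for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLSocketFactory;

public class Aes256Check {
  // Cipher suite named in the answer above.
  static final String SUITE = "TLS_RSA_WITH_AES_256_CBC_SHA";

  // Decide which layer is blocking AES-256 (hypothetical helper).
  static String diagnose(int maxAesBits, List<String> enabled, List<String> supported) {
    if (maxAesBits < 256) {
      return "JCE policy caps AES at " + maxAesBits
          + " bits: install the unlimited strength policy files";
    }
    if (enabled.contains(SUITE)) {
      return SUITE + " is enabled by default: the server can negotiate it";
    }
    if (supported.contains(SUITE)) {
      return SUITE + " is supported but not enabled by default: enable it explicitly";
    }
    return SUITE + " is not offered by this JSSE provider";
  }

  public static void main(String[] args) throws NoSuchAlgorithmException {
    // Integer.MAX_VALUE means the unlimited strength policy is in effect.
    int maxAesBits = Cipher.getMaxAllowedKeyLength("AES");
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    List<String> enabled = Arrays.asList(factory.getDefaultCipherSuites());
    List<String> supported = Arrays.asList(factory.getSupportedCipherSuites());

    System.out.println("Max AES key length allowed by policy: "
        + (maxAesBits == Integer.MAX_VALUE ? "unlimited" : maxAesBits + " bits"));
    System.out.println(diagnose(maxAesBits, enabled, supported));

    // List every 256-bit AES suite a default socket would offer.
    for (String suite : enabled) {
      if (suite.contains("AES_256")) {
        System.out.println("enabled: " + suite);
      }
    }
  }
}
```

Run it with the same JVM that Tomcat uses, since the policy files are installed per Java installation.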