Yes, we also offer certificates with true 128 bit / 256 bit encryption, but we deliberately do not provide them. Read on to find out why:

Usually you have to differentiate how much encryption a certificate can offer. In addition to the certificate used, the maximum encryption depends above all on the browser and server software used.

If a certificate supports 128 bit, but the requesting browser only supports 40 bit, the certificate will also only work with 40 bit, this is called fallback, the automatic reduction of the encryption strength depending on the technical conditions. The same applies of course to servers with weaker encryption.

For a long time export restrictions existed on the part of the USA, which only allowed a maximum encryption of 40 or 56 bit in countries outside the USA. While these restrictions have meanwhile been lifted for large parts of the world, including Germany, there are still countries that are only allowed to encrypt with 40 or 56 bit or even not at all.

Thawte (a subsidiary of VeriSign) offers so called Server Gated Cryptographic (SGC) SuperCerts for such browsers with 40 or 56 bit restrictions. By activating a flag in the export-restricted browsers, the Server Gated Cryptographic (SGC) SuperCerts can be set to 128 bit (often also called step up technology). These certificates cost about twice as much as the normal certificates (our Platinum product line) and are of course also available from us on request.

Otherwise all our certificates offer the maximum usual 128 bit encryption, even in connection with the latest browsers and servers (Firefox from 1.0, Internet Explorer from 7.0 and Apache from 2.0) 256 bit. However, since no standard has yet been established here, the certification authorities are still very cautious about definitive statements about the usability of 256 bit.

VeriSign offers the same products as Thawte, but these certificates cost about twice as much. While most certification authorities state the maximum possible encryption strength when comparing their products, VeriSign states the minimum possible encryption strength on its side. Through the step-up technology described above, which guarantees 128 bit encryption for certificates for export restricted browsers (VeriSign calls these certificates Secure Site Pro) in any case, VeriSign has introduced the concept of genuine 128 bit encryption for their step-up certificates, because the normal certificates would fall back to 40 bit for export restricted browsers and would therefore not always be able to offer 128 bit, which for VeriSign is then false 128 bit. Please read the following article.

The necessity of using certificates for export-restricted browsers, i.e. countries still subject to US regulations, as well as browsers still in use at the time (Internet Explorer 4.0 and Netscape 4.06 or older) must be assessed by you on the basis of your expected visitors, but as a rule you are completely right when deciding on a normal SSL certificate and only the maximum possible encryption, which is 128 or 256 bit for all our certificates, counts.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert