Anyone know of a website which implements AES? [Archive]

View Full Version : Anyone know of a website which implements AES?

thorin

10-05-2007, 03:47 PM

I'm looking for a few websites which implement AES for their session encryption via HTTPS (SSLv3 or TLS), does anyone know of any?

blackfoot

10-05-2007, 05:40 PM

That's a really interesting question and I considered it for half-an-hour.

I cannot say I have a way of finding out. certainly most should have now enabled use because we were discussing adoption back in 2000 but as to find out which ones I don't know...apart from the obvious setting up an Apache box. All the new browsers should have it enabled.

I will think about it over the weekend. Apologies for not being able to point in the right direction yet, though I pretty much guess your resources are the same as mine.

thorin

10-05-2007, 06:43 PM

I'm pretty sure you used to be able to tell in Firefox if you hovered over or double clicked the little Lock icon in the status bar.

Edit: Found one, ThinkGeek uses AES-256 :)

Hmmm the forums resized it to height=280 so it's hard to read, if you zoom you'll be able to see.

blackfoot

10-05-2007, 06:59 PM

Oh well done.

That is interesting...so...next step? Can I help?

thorin

10-05-2007, 08:07 PM

I'm just hunting for a few more.

The reasoning is pretty un-exciting (SORRY!) I'm just trying to gather some amunition for an argument/debate with collegues that I know is going to happen next week :)

blackfoot

10-05-2007, 08:21 PM

Excitement is not a priority.

I will look over the weekend.

The ones I considered so far all stick with original certificates either RSA or DSA

Regards
C

elazar

10-08-2007, 03:00 AM

ASP.NET(specifically version 2) supports AES for state management(viewstate), though it would be impossible to tell by looking at the page, you would need to see the web.config of the site in question. See http://msdn2.microsoft.com/en-us/library/ms998288.aspx

E

wyze

11-03-2007, 12:55 AM

I've implemented it on my personal webserver... pretty e-z to do:

openssl genrsa -aes256 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key
chmod 400 server.csr
chmod 400 server.crt
chmod 400 server.key
chmod 400 server.key.secure

The mv them into the proper apache/httpd directories :cool:

thorin

11-05-2007, 04:22 PM

Thanks swc666

wyze

11-11-2007, 11:38 AM

Thanks swc666

Any time thorin: my brain is Open Source :D