Question

Will IE6 negotiate a 256 bit AES SSL connection if the server is capable?


Solution

Sometimes there is just a plain and simple way of finding out. If you look at Internet Explorer's Help > About Internet Explorer, it will tell you the max cipher bits that it supports, and on IE6 it's 128.

OTHER TIPS

Actually, from what I have seen, IE6 does not support any AES.

http://www.raritan.com/helpfiles/ccsg42/en/1926.htm

3DES, RC4, AES, those are all 128, 168, 256 bit stuff. SHA and Blowfish are all 512 bit or less. The "2048 bit" key exchanges someone quoted on Linux is different.

IE7 and IE8 support AES but only on Vista or better. I've confirmed that they don't on Windows XP. The best IE8 on XP does is RC4 or 3DES. Even though my IE8 cipher strength is "128 bit", I can go to a secure website and connect via:

TLS 1.0, Triple DES with 168 bit encryption (High); RSA with 2048 bit exchange

Hmmm. Looks like Windows is rocking 2048 bit encryption, too, on a browser that only claims to handle 128 bit!

I know this is a really old topic but it came up when I was searching this very same thing so hopefully this information will be useful.

Possibly, I can't work out for sure yet, but what I can tell you is AES256 appears to be restricted by US Export restrictions on high-security cryptography, and for this reason, some platforms may lack this capacity.

Also, upon further searching, MSDN pages (such as this one) seem to point to AES support (period!) being only available since Vista / IE7.

No news yet whether or not MS decided to backport it, but it looks dubious.

The about dialog in Internet Explorer 6 on Windows XP with SP3 states cipher support as 128-bit.

IE6 definitely does not support AES256. I know because I have finally stopped users with IE6 on a site I administer by limiting the SSLCipherSuite in Apache 2 to exclude MEDIUM ciphers. The Apache documentation says "MEDIUM" means ciphers with 128 bits.

So now we have the following in the Apache configuration, and this will exclude IE6 users:

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXP:!NULL

The same configuration string will also work for Tomcat in the server.xml file, in a Connector, with the SSLCipherSuite parameter:

e.g.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" minSpareThreads="25" scheme="https" secure="true"
           keystorePass="xxxxxxxx"
           clientAuth="false" sslProtocol="TLSv1.2"
           SSLCipherSuite="ALL:!ADH+DH:!RC4:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true"
           allowTrace="false" />
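
Added example, not part of the original answers: a Python check that asks the local OpenSSL build which suites the two cipher strings quoted above actually leave enabled, grouped by the properties discussed in this thread. The function names and report keys are this example's own, and the output depends on the OpenSSL version Python is linked against.

```python
import ssl

# Cipher strings copied from the answer above (Apache, then Tomcat).
APACHE = "ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXP:!NULL"
TOMCAT = "ALL:!ADH+DH:!RC4:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT"


def expand(cipher_string):
    """Return the TLS <= 1.2 suites the local OpenSSL enables for a string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately and are not governed by this
    # string, so leave them out of the audit.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Group the enabled suites by the properties discussed in the thread."""
    suites = expand(cipher_string)
    names = lambda pred: sorted(c["name"] for c in suites if pred(c))
    return {
        "total": len(suites),
        "rc4": names(lambda c: "RC4" in c["name"]),
        "3des": names(lambda c: "3DES" in c["name"] or "DES-CBC3" in c["name"]),
        # OpenSSL's description field reports "Au=None" for unauthenticated suites.
        "anonymous": names(lambda c: "Au=None" in c["description"]),
        "bits_128": names(lambda c: c["strength_bits"] == 128),
        "bits_256": names(lambda c: c["strength_bits"] == 256),
    }


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for label, string in (("Apache", APACHE), ("Tomcat", TOMCAT)):
        report = audit(string)
        print(f"\n{label}: {string}")
        for key, value in report.items():
            shown = value if isinstance(value, int) else ", ".join(value) or "-"
            print(f"  {key:>9}: {shown}")
```

Running it on the server that will carry the configuration shows what remains after `!MEDIUM` and `!ADH`; the `bits_128` and `anonymous` rows are the ones to check.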
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow