Question

I was wondering why vendors of SSL certificates always say that their certificate supports 128/256-bit AES encryption?
I mean, the symmetric encryption is something that happens between a web browser and a web server - and has nothing to do with the SSL certificate itself (as also no information about symmetric encryption is saved in the certificate...).

Can anyone explain to me, why these companies advertise with this statement?
Is it just good marketing? Or is there a real functional reason behind it?

For examples, see here:
http://www.startssl.com/?app=39
https://www.symantec.com/theme.jsp?themeid=verisign-ssl-certificates&inid=vrsn_symc_ssl_Buy


Solution

As you suspect, it's just marketing. Which symmetric ciphers are available depends entirely on the web browser and server and has nothing to do with the certificate itself.
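An added example (not part of the original answer) that shows this with Python's standard `ssl` module: the symmetric key sizes an endpoint will negotiate come from its cipher configuration, and no certificate is loaded at any point. The cipher strings and function names are choices made for this illustration.

```python
import ssl
from collections import defaultdict


def strengths_by_cert_type(cipher_string="ECDHE+AESGCM"):
    """Map certificate authentication type -> sorted symmetric key sizes (bits)
    that an endpoint configured with `cipher_string` is willing to negotiate."""
    # No certificate is loaded into this context: the suite list is purely
    # endpoint configuration.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    sizes = defaultdict(set)
    for suite in ctx.get_ciphers():
        # 'auth' names the certificate key type a suite expects (auth-rsa,
        # auth-ecdsa); TLS 1.3 suites are not tied to a certificate type.
        sizes[suite.get("auth", "unknown")].add(suite["strength_bits"])
    return {auth: sorted(bits) for auth, bits in sizes.items()}


def rsa_suites(cipher_string):
    """Return {suite name: symmetric bits} for suites that authenticate the
    server with an RSA certificate under the given configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {s["name"]: s["strength_bits"]
            for s in ctx.get_ciphers() if s.get("auth") == "auth-rsa"}


if __name__ == "__main__":
    # One certificate type, several symmetric strengths on offer.
    for auth, bits in sorted(strengths_by_cert_type().items()):
        print(f"{auth:12s} symmetric key sizes: {bits}")
    # The same RSA certificate would end up with AES-128 or AES-256
    # depending only on how the endpoint is configured.
    print(rsa_suites("ECDHE-RSA-AES128-GCM-SHA256"))
    print(rsa_suites("ECDHE-RSA-AES256-GCM-SHA384"))
```
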

OTHER TIPS

(Late but I want to use as a reference, and anyway it's still searchable.)

TLDR It's hype now but in the past it did mean something.

Yes, today SSL/TLS symmetric crypto strength is independent of the server cert. But not always.

Back in the 1990s when some governments especially the US had legal restrictions on encryption, there was a period when "strong" encryption in SSL was allowed only with "approved" (mostly bank) servers identified by certs using Server Gated Cryptography aka SGC. After the legal restrictions were eased there was a transition period when SGC certs were still of some value to support users with older browsers and systems, but since roughly 2005 this feature has been basically useless, or even dangerous by allowing people with obsolete and unsafe software to avoid upgrade.

Currently google SSL SGC finds me three major CAs confirming SGC is obsolete and unnecessary, and two offering it as good but only mildly so: Thawte says "certain older browsers and operating systems [need SGC]" and InstantSSL/Comodo says it "upgrade[s] encryption [for] older browsers" or "... for visitors that are using old and outdated browsers". There is one, Trustico/Symantec, that claims "millions still use older computer systems" such as IE 4, Netscape 4, and Windows 2000, which I find implausible.

So in the past CAs could legitimately claim their certs enabled strong symmetric crypto. Today it's at best a meaningless residue.

It's worth mentioning that the implementations of RSA and AES differ in their security strength.

From wikipedia:

For AES-128, the key can be recovered with a computational complexity of 2^126.1 using the biclique attack. For biclique attacks on AES-192 and AES-256, the computational complexities of 2^189.7 and 2^254.4 respectively apply. Related-key attacks can break AES-192 and AES-256 with complexities 2^176 and 2^99.5 in both time and data, respectively.

Although an RSA 1024-bit key is technically large enough to use to exchange keys usable for AES-128, it isn't as strong, and using it for key exchange exposes the AES key to attackers.

Certificates also have key usage properties, which determine if this type of key exchange is allowed.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow