What is the maximum strength of a wildcard SSL certificate

ssl ssl-certificate

i had an interesting conversation with a bank IT security employee, and they raised a few questions.

What is the maximum strength/bit length of a wildcard domain certificate?

Are they as secure? (in the encryption sense)


You can make certificates pretty strong, however not all browsers support encryption that strong. 16384 bits is valid, though getting a commercial certificate authority to issue one is another matter.

Fundamentally, wildcart certs are no different than non-wildcard certs from a technical point of view; they just have a "*." in their subject line.

Update:

Based on your comment, the bank person you were talking to is of the opinion that the stream cipher is restricted to 40-bit for wildcard certificates. This is not the case. My old job uses a wildcard certificate for most of their web-presences, and a little work with openssl shows that the cipher on those certs is "RC4-MD5" which is a 128-bit cipher.

The 40-bit limit may have been a limit with other SSL suites in webservers, browsers, or certificate-authority infrastructures, but is no longer a limit.

Related

Is it possible to route requests to different applications via Content-Type?
Is there a way to disable outgoing ARP requests on the wan interface on a sonicwall TZ 210
Move all files to their own folder
Logging into IMAP (Dovecot) server
Group Policy Preferences in Server 2008 R2
How to restrict members of a certain group to one login per user?
Is it safe to reboot a Windows 2003 certificate authority server? What problems might occur?
PTY allocation request failed on channel 0
How to configure Squid with for authentication but skip it for local requests?
Managing laptops and desktops in the organization and pushing windows updates to them
Creating a bootable PXE image from a dos utility firmware updater
What is the fastest way to remove thousands of files on a btrfs filesystem?