The Certification Authority/Browser Forum has mandated that Certification Authorities discontinue supporting anything less than 2048-bit certificates for SSL by the end of December 2013

  • Question

  • The Certification Authority/Browser Forum has mandated that Certification Authorities discontinue supporting anything less than
    2048-bit certificates for SSL by the end of December 2013.

    What is the potential impact on SQL Server products that use an SSL certificate with a key length of less than 2048 bits?

    Thursday, October 3, 2013 9:40 PM

Answers

  • Hello,

    SSL typically uses asymmetric cryptography to authenticate the hosts and establish trust between the client and server. The asymmetric key will be RSA with key sizes of 1024, 2048, or 4096. The key size doesn't really affect the symmetric that is used. Longer key lengths are better, but only up to a point.

    A Microsoft Security Advisory has updated the minimum certificate key length. This update will block cryptographic keys that are less than 1024 bits long. What's more, RSA Security claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030.

    So currently, it is better to use the RSA algorithm with a 2048-bit key length for SQL Server. If you're encrypting a large amount of data, the recommendation is to encrypt using a symmetric key algorithm and to protect that algorithm's key using an asymmetric encryption algorithm.

    Reference:
    http://www.mssqltips.com/sqlservertip/2990/understanding-the-importance-of-key-length-with-the-sql-server-asymmetric-encryption-algorithms/
    http://technet.microsoft.com/zh-cn/library/cc837966(v=sql.100).aspx

    Regards,
    Fanny Liu


    Fanny Liu
    TechNet Community Support


    • Marked as answer by Fanny Liu Thursday, October 10, 2013 1:32 AM
    • Unmarked as answer by Fanny Liu Thursday, October 10, 2013 1:37 AM
    • Edited by Fanny Liu Thursday, October 10, 2013 1:53 AM add more information
    • Proposed as answer by Fanny Liu Monday, October 14, 2013 11:04 AM
    • Marked as answer by Fanny Liu Tuesday, October 15, 2013 8:10 AM
    Tuesday, October 8, 2013 2:11 AM
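
The recommendation in the answer above, sketched in T-SQL as an added example that is not part of the original thread: an inventory of in-database certificates and asymmetric keys shorter than 2048 bits, followed by an AES-256 symmetric key protected by an RSA-2048 asymmetric key. The object names (`DemoRsa2048`, `DemoAes256`), the passphrase and the sample value are constructed for illustration; run it in a scratch database.

```sql
-- Added example. Object names, passphrase and sample data are constructed.

-- 1. Inventory in-database RSA material shorter than 2048 bits.
--    The TLS certificate SQL Server presents to clients lives in the Windows
--    certificate store and is NOT listed by these catalog views; check it
--    separately on the host.
SELECT 'certificate' AS object_type, name, key_length, expiry_date
FROM sys.certificates
WHERE key_length < 2048
UNION ALL
SELECT 'asymmetric key', name, key_length, NULL
FROM sys.asymmetric_keys
WHERE key_length < 2048;

-- 2. Hybrid encryption: AES-256 encrypts the data,
--    RSA-2048 protects the AES key.
CREATE ASYMMETRIC KEY DemoRsa2048
    WITH ALGORITHM = RSA_2048
    ENCRYPTION BY PASSWORD = N'Constructed-Passphrase-Replace-Me-1!';

CREATE SYMMETRIC KEY DemoAes256
    WITH ALGORITHM = AES_256
    ENCRYPTION BY ASYMMETRIC KEY DemoRsa2048;

-- The private key is needed only to unlock the symmetric key.
OPEN SYMMETRIC KEY DemoAes256
    DECRYPTION BY ASYMMETRIC KEY DemoRsa2048
    WITH PASSWORD = N'Constructed-Passphrase-Replace-Me-1!';

DECLARE @plain  nvarchar(100)   = N'constructed sample row';
DECLARE @cipher varbinary(8000) = ENCRYPTBYKEY(KEY_GUID('DemoAes256'), @plain);

-- Round trip: decrypt with the open symmetric key and compare to the input.
SELECT @plain AS original,
       CONVERT(nvarchar(100), DECRYPTBYKEY(@cipher)) AS round_trip;

CLOSE SYMMETRIC KEY DemoAes256;

-- 3. Clean up the demo objects.
DROP SYMMETRIC KEY DemoAes256;
DROP ASYMMETRIC KEY DemoRsa2048;
```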