I developed an ASP.NET web application which handles sensitive data. I would really like to use 256 bit SSL encryption, but it seems that IIS only supports 128 bit.
Is it somehow possible to get 256bit encryption?
If not, why not and will it be possible in IIS 7.5 or 8.0?
Thanks for help
Don't switch from AES-128 to AES-256. An attack has been found on the latter, that reduces the complexity to an equivalent of 119 bits:
http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html
Nevertheless, both algorithms are insanely strong for today's standards. There are probably other attack scenarios that are much more likely than a fault on the crypto itself.
Don't worry about the AES-256 attack. It's a related key attack and thus not applicable to HTTPS.
But the commenter is correct that both are sufficiently strong that you shouldn't worry.
