1

I am trying to establish a secure TLS connection between my system and a third party API. The third party mandates that I have to use AES 256 for all communication. Now I have installed an X509 certificate on my root machine store. How can I make sure that the communication happening between the two systems is always with AES?

When I checked the signature algorithm for my certificate in Mozilla Firefox I can see that it is using RSA. Does it have anything to do with my scenario? In order to have an AES-encrypted conversation, should my certificate possess an AES signature algorithm?

None

1 Answer

2

Third party mandates that I have to use AES 256 for all communication

Typically your TLS client will negotiate with the server and will settle on an encryption method/level they both support.

If your third party requires a minimum encryption level they should simply configure their API servers accordingly: when the API server is configured correctly it simply will not accept any insecure encryption ciphers/levels and you won't really have to do anything at all from your side...

If they say you should use strong encryption but are incapable of configuring their servers correctly to actually enforce that, then you may need to configure your client to use a specific set of ciphers/encryption levels and/or maybe force cipher negotiation in a specific order to ensure that you use the right level of security.
How to do that depends on the specific TLS client / library / software that you use to communicate with that API.

the signature algorithm for my certificate is RSA

In general the signature algorithm for the certificate does not pose any limits on the encryption levels and ciphers that can be used to secure the communications channel between the client and the server.

HBruijn
  • I am not sure whether AES is enabled on my machine or not. Is there any way I can make sure that the required cipher suite is present in Windows? Maybe editing the registry or something? – None Feb 14 '18 at 09:45
  • 2
    Different Windows versions support different ciphers. My first search result returned this overview https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx – HBruijn Feb 14 '18 at 10:01
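
The client-side enforcement the answer describes can look like the following. This is an added example, not code from the answer or the comments, and it assumes a Python `ssl` client because the page does not name the TLS library in use; the host name in the demo is a placeholder. It offers only AES-256 suites for TLS 1.2 and, because `set_ciphers()` does not control TLS 1.3 suites, also checks the negotiated suite after the handshake and before any application data is sent.

```python
import socket
import ssl

def is_aes256(suite_name: str) -> bool:
    """True for names like ECDHE-RSA-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384."""
    return "AES256" in suite_name.upper().replace("_", "").replace("-", "")

def aes256_client_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()      # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Offer only ECDHE key exchange with AES-256-GCM for TLS 1.2.
    ctx.set_ciphers("ECDHE+AESGCM+AES256")
    return ctx

def offered_tls12_suites(ctx: ssl.SSLContext) -> list:
    # TLS 1.3 suites are not affected by set_ciphers(), so they are left out here
    # and covered by the post-handshake check in connect_aes256().
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def connect_aes256(host: str, port: int = 443) -> ssl.SSLSocket:
    """Handshake, then refuse to continue unless the negotiated suite is AES-256."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = aes256_client_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    name, version, _bits = tls.cipher()
    if not is_aes256(name):
        tls.close()
        raise ssl.SSLError(f"negotiated {name} ({version}), not AES-256")
    return tls

if __name__ == "__main__":
    print("TLS 1.2 suites offered:", offered_tls12_suites(aes256_client_context()))
    # Constructed sample suite names, not captured from a real connection.
    for sample in ("ECDHE-RSA-AES256-GCM-SHA384", "TLS_AES_128_GCM_SHA256"):
        print(sample, "->", is_aes256(sample))
    # Hypothetical host; replace with the third party's API endpoint:
    # with connect_aes256("api.example.com") as s:
    #     print(s.cipher())
```

The certificate's RSA signature algorithm plays no part in this check; the first element of the tuple returned by `cipher()` names the symmetric cipher that protects the session.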