RE: OPENSSL

To: debian-security@lists.debian.org
Subject: RE: OPENSSL
From: "Reckhard, Tobias" <tobias.reckhard@secunet.com>
Date: Tue, 10 Jun 2003 13:00:59 +0200
Message-id: <[🔎] 96C102324EF9D411A49500306E06C8D102B13E56@eketsv02.cubis.de>

> I'm trying to generate a 40-bit certificate using OPENSSL.Can 
> anybody tell me if this is possible and with which package?

The RSA keys used in X.509 certificates are typically 1024 or 2048 bits in
length. What length the symmetric key used between two parties that have
authenticated via X.509 certificates (with RSA keys) to subsequently protect
their communication has, is not directly related to the certificate.

There are web browsers that will negotiate 128 bits only if the certificate
presented by the web server is a "step-up certificate". I'm not sure what
makes a certificate a step-up certificate, however, nor if this restriction
still applies to current browsers.

Cheers,
Tobias

Reply to:

Follow-Ups:
- Re: OPENSSL
  - From: Berin Lautenbach <berin@ozemail.com.au>

Prev by Date: Re[2]: apache
Next by Date: Re: OPENSSL
Previous by thread: Re: OPENSSL
Next by thread: Re: OPENSSL
Index(es):
- Date
- Thread