Re: OPENSSL
I'm using a 128-bit-cert. But browsers that support less encryption
(e.g. IE that comes with WinNT4) can't access my SSL-pages because
the encryption doesn't allow degration. Is there any way to solve
this prob? Using Apache with an official SSL-cert.
PS: This just came to my mind when you said "step-up" - cause in my
case it would be a "step-down", right?
On 10 Jun 2003 at 21:49, Berin Lautenbach wrote:
> Reckhard, Tobias wrote:
> > There are web browsers that will negotiate 128 bits only if the
> > certificate presented by the web server is a "step-up certificate".
> > I'm not sure what makes a certificate a step-up certificate,
> > however, nor if this restriction still applies to current browsers.
>
> The step up involved the browser checking the signer was a legitimate
> CA to sign a step-up cert and then performing the re-negotiation. The
> restriction disapeared when the crypto export laws were all relaxed.
> You have to go a fair way back (few years) to get a browser that still
> only supports 128bit symmetric in SGC mode.
Reply to:
- References:
- RE: OPENSSL
- From: "Reckhard, Tobias" <tobias.reckhard@secunet.com>
- Re: OPENSSL
- From: Berin Lautenbach <berin@ozemail.com.au>