Firewall Wizards mailing list archives
RE: SSL and negotiated key strength
From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Mon, 21 May 2001 09:12:03 -0500
<snip> the global certificates use Server Gated Cryptrography (which l think was developed by Microsoft - so there is part of the problem)...this allows the customers browser to be upgraded to 128bit.. the problem with your configuration is, as is with mine, you use Apache. Apparently because it is open source, there are many versions of it and Verisign (l use Esign certs which is the Aust. subsidiary of Verisign)do not gaurantee that these certs will work. You can get them to work but this requires determining which part of the Apache configuration is not understanding SGC. l have an added problem as we use Stronghold as well...l had to drop down to standard certs to get it to work as it wouldn't work at all with 56 bit... </Snip> The Problem that I am seeing is two fold, I'm playing around with apache to get that sorted, and I have read the numerous issues that comes with Global Certs and non MS products. But the other issue is that MS IIS server isn't stepping up (using IE5) either. I know in IIS that you can enforce 128bit encryption, but I don't want to do that on the client side. Does anyone have ay suggestions on how to ensure SGC on IIS to make clients step up to 128bit? Cheers R. Richard Scott Information Security ? Best Buy World Headquarters 7075 Flying Cloud Drive Eden Prairie, MN 55344 USA The views expressed in this email do not represent Best Buy or any of its subsidiaries. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- SSL and negotiated key strength Scott, Richard (May 10)
- Re: SSL and negotiated key strength Rich Wilson (May 11)
- <Possible follow-ups>
- RE: SSL and negotiated key strength Graeme Rider (May 11)
- RE: SSL and negotiated key strength Scott, Richard (May 21)
- RE: SSL and negotiated key strength Graeme Rider (May 22)