[10667] in bugtraq


Re: ICSA - Certified Sites and Criteria Issues

daemon@ATHENA.MIT.EDU (Simon Liddington)
Fri May 28 14:27:37 1999

Message-Id: <m27lptecaj.fsf@hartley.ecs.soton.ac.uk>
Date: 	Fri, 28 May 1999 11:09:08 +0100
Reply-To: Simon Liddington <sjl96v@ECS.SOTON.AC.UK>
From: Simon Liddington <sjl96v@ECS.SOTON.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Lucky Green's message of "Thu, 27 May 1999 16:06:17 -0700"

Lucky Green <shamrock@NETCOM.COM> writes:

> Sure, a server can be specifically configured to not allow access by 40 bit
> browsers, but the overwhelming majority of 128 bit capable websites support
> both 128 and 40 bit crypto and will automatically use the highest strength
> supported by the browser. No incompatibility issues are introduced by
> enabling full-strength crypto.

In my experience with Netscape and apache-SSL the lowest strength
cipher (apart from no cipher at all) is used. Unless you disable the
weaker ciphers in Netscape, Netscape tries them first and will connect
if the server allows them.

Of course this doesn't invalidate your statement that there is no
problem with enabling full-strength crypto, but it does mean there is
also little to gain by doing so.

Simon

--
-----------------------------------------------------------------------
| Simon Liddington                 |                                  |
| E-Mail : sjl96v@ecs.soton.ac.uk  |  Tel (work) : +44 (0)1703 592422 |
-----------------------------------------------------------------------
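
The negotiation behaviour discussed in this message, as an added example that is not part of the original post and is not Netscape or apache-SSL code: a simplified model of cipher-suite selection showing the outcome when the server follows the client's ordering, when it enforces its own ordering, and when it disables suites below 128 bits. The client and server suite lists are constructed assumptions.

```python
# Added illustration: simplified model of SSL/TLS cipher-suite selection.
# Suite lists are constructed sample data; bits are nominal key sizes.
BITS = {
    "EXP-RC4-MD5": 40,
    "EXP-RC2-CBC-MD5": 40,
    "DES-CBC-SHA": 56,
    "RC4-MD5": 128,
    "DES-CBC3-SHA": 168,
}

def negotiate(client_offer, server_allowed, server_preference=False):
    """Pick the first mutually supported suite, walking either the
    client's list (default) or the server's list. None means no overlap."""
    if server_preference:
        walk, other = server_allowed, set(client_offer)
    else:
        walk, other = client_offer, set(server_allowed)
    return next((s for s in walk if s in other), None)

def harden(server_allowed, min_bits=128):
    """Server-side mitigation: drop every suite below min_bits."""
    return [s for s in server_allowed if BITS[s] >= min_bits]

def audit(client_offer, server_allowed, min_bits=128):
    """Return {policy: (suite, bits, ok)} for three server configurations."""
    cases = {
        "client order": negotiate(client_offer, server_allowed),
        "server order": negotiate(client_offer, server_allowed, True),
        "weak suites disabled": negotiate(client_offer,
                                          harden(server_allowed, min_bits)),
    }
    report = {}
    for policy, suite in cases.items():
        bits = BITS.get(suite, 0)  # 0 when no suite could be agreed
        report[policy] = (suite, bits, bits >= min_bits)
    return report

# Constructed client that lists its weakest suites first, as described above.
WEAK_FIRST_CLIENT = ["EXP-RC4-MD5", "EXP-RC2-CBC-MD5", "DES-CBC-SHA",
                     "RC4-MD5", "DES-CBC3-SHA"]
# Constructed server that accepts everything, strongest first.
PERMISSIVE_SERVER = ["DES-CBC3-SHA", "RC4-MD5", "DES-CBC-SHA", "EXP-RC4-MD5"]

if __name__ == "__main__":
    results = audit(WEAK_FIRST_CLIENT, PERMISSIVE_SERVER)
    for policy, (suite, bits, ok) in results.items():
        print(f"{policy:22} -> {suite} ({bits} bit) {'ok' if ok else 'WEAK'}")
```

With weak suites disabled on the server, a client that offers only export-grade suites gets no connection at all, which is the trade-off the quoted text refers to.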
