On Fri, May 28, 1999 at 11:09:08AM +0100, Simon Liddington wrote: > Lucky Green <shamrockat_private> writes: > > > Sure, a server can be specifically configured to not allow access by 40 bit > > browsers, but the overwhelming majority of 128 bit capable websites support > > both 128 and 40 bit crypto and will automatically use the highest strength > > supported by the browser. No incompatibility issues are introduced by > > enabling full-strength crypto. > > In my experience with Netscape and apache-SSL the lowest strength > cipher (apart from no cipher at all) is used. Unless you disable the > weaker ciphers in Netscape, netscape tries them first and will connect > if the server allows them. A client in SSL sends all its supported ciphers at once, it doesn't "try" some, then "try" others. The server chooses which cipher to use from amongst those the client supports. If you have 128-bit capable Netscape, and 128-bit capable Apache SSL, or a Netscape server, or Stronghold, or whatever, you get full strength crypto, unless there's a bug in the server. Obviously if one or the other doesn't support it, you don't. Regards, Jeremey. -- Jeremey Barrett <jeremeyat_private> GPG fingerprint = 7BB2 E1F1 5559 3718 CE25 565A 8455 D60B 8FE8 B38F
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:31 PDT