How does this stepup really work?

The server has this special GSID certificate, but is it otherwise "modified" (it must be able to use strong ciphers) in some way to be able to handle the stepup?
Isn't it actually just a client issue, i.e. the client sees the GSID and, in the Netscape case, finishes the 40 bit negotiation and then starts a new 128 bit SSL negotiation, and in the IE case, it drops the current negotiation and starts a new one with a stronger cipher?

The following is from the README-GSID.GlobalID file:
"First you should recognize that Apache+mod_ssl+SSLeay allow such renegotiations since version 2.1.3"
What do these renegotiations look like and what changes were made and where?
Is there something called session renegotiations in the SSL spec?
Looking at http://microsoft.com/security/tech/sgc/TechnicalDetails.asp it seems like the client just starts a new handshake...

I would be really happy if someone could shed some light in the fog on this (interesting) topic!

--Patrik




______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
