Magnus Stenman wrote:
>
> Found this in the "What's new file" for Netscape 4.6:
>
> New 56-bit DES ciphers added to both export and US versions
> (requires new SSL cipher suite server-side)
>
> What is this, and does mod_ssl (or is is OpenSSL) support it?
I added them to OpenSSL when they were announced but they are disabled
by default (because they are just an I-D) - you can switch them on by
editting .../openssl/ssl/tls1.h and turning on:
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1
I believe Netscape have tested interop (at least, my test server has
hits from within Netscape, even though they haven't told me about it [I
forgive them, that would probably be illegal]).
Servers need to be modified to support them, because they should
generate ephemeral 1024 bit keys when required.
Let me know if anything interesting happens when you try to use them!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
