On Fri, Aug 13, 1999, Charles Tassell wrote:
> I have a question about 128 bit certificates: How do I tell if I have one?
> I just looked at the Netscape "Page Info" of a site I connected to via
> https, and it said :
> Security: This is a secure document that uses a medium-grade encryption key
> suited for U.S. export (RC4-40, 128 bit with 40 secret).
>
> Does this mean I only have a 40-bit key, or a 128 bit key? The "128 bit"
> part would make me believe I was nice and secure, but that "40 secret" kind
> of scares me. If we have to spend another $600 Canadian to replace a bad
> cert request, my boss is going to be pi$$ed at me. ;-)
You certainly don't have a 40 or 128 bit key. That's just the bit size used by
the cipher of the connection. So when you've a 40 bit connection this usually
means that either you're using a export Netscape or the cipher suite on the
server disabled stronger ciphers.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]