Hello All at modssl-users,
What a great product!
I have downloaded everything (latest 0.9.5, 2.6.2, 1.3.12). I did a
config/make, and everything went fine (even using DSO). I made a key and
cert for the default server and a second set for a specific URL.
./httpsdctl startssl works fine. I have a self signed key/cert. It
works.
However, when I get in with Netscape 4.7, the encryption level is lower
than I expect or want. My browser uses 128 bit encryption at other sites
with no problem (so the problem doesn't seem to be the browser). OpenSSL
has a whole slug of 128 bit ciphers to choose from (I did a 'openssl
cipher -v').
The message I get from my secure connection is this:
Security: This is a secure document that uses a medium-grade encryption
key suited for U.S. export (RC4-56, 128 bit with 56 secret).
I have tried upping the level with these settings in httpsd.conf:
SSLProtocol -all +SSLv3
SSLCipherSuite SSLv3:+HIGH:+MEDIUM:+EXP
and
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
These settings simply prevent me from getting in. It seems like the
key/cert has some characteristic that is less than what I want.
What do I do to up-it to 128? Is it somewhere in the config process?
Is it a different setting in httpsd.conf? Is it a change to my browser?
Thanks in advance.
--------------------------------------------------
Mark Temple, Information System Manager
ABC Labs, Columbia, Missouri 65202
voice:573.876.8198 fax:573.443.9033
--------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
