On Wed, Aug 30, 2000 at 05:48:00PM +0300, Florin Andrei wrote:
> I see. So, i'll have to use 40 bit key in order to allow everyone in France
> to access my site, right?
Wrong - the webserver will figure out how to downgrade.
There is no one using 40 certificates anywhere.
Basically when doing an SSL session, there is two types of
keys: The certificate keys (either 512 or 1024 bits in standard
setups) and the symmetric session keys (either 40, 56 or 128 bits).
You should read: http://www.modssl.org/docs/2.6/ssl_intro.html
When verisign write about 128 bits certificates, then they're
actually talking Global ID/Server Gated Crypto ... see
http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/README.GlobalID
Bescause of the rather special French rules, then French browser
version from last year or older probably does not support Server
Gated Crypto - and new versions will most likely not need it
because they support strong crypto by default...
You can use whichever of verisigns Secure Site or Secure Site Pro
(http://www.verisign.com/products/site/ss/index.html) you like,
but because of the old French restrictions, then you will not gain
very much by choosing the expensive version.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
