On Tue, Apr 13, 1999 at 11:48:02PM +0300, Yuval Hager wrote:
> In order to conform with US rules about the RSA patent, I want
> to establish a web server that will be able to establish an SSL session,
> without creating RSA keys, i.e. using the DH public keys for authentication.
> can this be achieved ?
>
> I need to know that both for Netscape and IE.
With those it won't work, they support only RSA as public key
algorithm for SSL/TLS. E.g., the list of ciphersuites that export
versions of the new Internet Explorer 5 send to the server is as
follows:
00 00 03
CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
00 00 08
CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 };
00 00 06
CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 };
02 00 80
V2CipherSpec TLS_RC4_128_EXPORT40_WITH_MD5 = { 0x02,0x00,0x80 };
04 00 80
V2CipherSpec TLS_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
There's the remote possibility that US versions will not only support
longer keys, but also additional algorithms, but I don't think they
do.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
