Yuval Hager wrote:
>
> In order to conform with US rules about the RSA patent, I want
> to establish a web server that will be able to establish an SSL session,
> without creating RSA keys, i.e. using the DH public keys for authentication.
> Can this be achieved?
>
> I need to know that both for Netscape and IE.

This gets asked a lot and you have my deepest sympathy. Neither Netscape
nor MSIE supports non-RSA cipher suites.

As to why, I have no idea. Netscape seemed to go half way by supporting
DSS certificates for clients (well, partly broken but never mind) then
never continued the rest of the way to add DH and DH+DSS SSL ciphers. I
put some queries in the Netscape champion newsgroup asking when or if
this would change and got no reply.

MSIE doesn't support DSS certificates at all and has no DH+DSS SSL
support.

There are various conspiracy theories that can be thought up as to why.

The only browser I know that supports this stuff is the HotJava browser
but it uses a broken DSS signature format which is incompatible with
OpenSSL (though you can break OpenSSL in the same way to make it work).

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
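
Added example, not part of the original message or of OpenSSL: a small Python model of server-side cipher suite selection showing why a server holding only a DSS certificate cannot complete a handshake with a client that offers only RSA suites. The code points are the standard SSLv3 values; the two client offers and all function names are constructed for illustration.

```python
import struct

# SSLv3 cipher suite code points -> (name, certificate type the server must hold)
SUITES = {
    0x0003: ("RSA_EXPORT_WITH_RC4_40_MD5", "RSA"),
    0x0004: ("RSA_WITH_RC4_128_MD5", "RSA"),
    0x0005: ("RSA_WITH_RC4_128_SHA", "RSA"),
    0x0009: ("RSA_WITH_DES_CBC_SHA", "RSA"),
    0x000A: ("RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x0012: ("DHE_DSS_WITH_DES_CBC_SHA", "DSS"),
    0x0013: ("DHE_DSS_WITH_3DES_EDE_CBC_SHA", "DSS"),
    0x0016: ("DHE_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),  # DH exchange, RSA-signed
}

def encode_cipher_suites(codes):
    """Build a ClientHello cipher_suites vector: 2-byte length, then 2-byte ids."""
    return struct.pack("!H%dH" % len(codes), 2 * len(codes), *codes)

def parse_cipher_suites(field):
    """Decode the vector, rejecting truncated or odd-length input."""
    if len(field) < 2:
        raise ValueError("cipher_suites vector too short")
    (length,) = struct.unpack("!H", field[:2])
    body = field[2:]
    if length != len(body) or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return [code for (code,) in struct.iter_unpack("!H", body)]

def select_suite(client_field, server_cert_types):
    """Return the first client-preferred suite the server can authenticate.

    None means no shared suite: the server answers with a handshake_failure alert.
    """
    for code in parse_cipher_suites(client_field):
        entry = SUITES.get(code)  # unknown code points are skipped
        if entry and entry[1] in server_cert_types:
            return entry[0]
    return None

# Constructed sample offers (not captured from any real browser).
RSA_ONLY_CLIENT = encode_cipher_suites([0x0004, 0x0005, 0x000A, 0x0009, 0x0003])
DSS_CAPABLE_CLIENT = encode_cipher_suites([0x0013, 0x0012, 0x000A])

if __name__ == "__main__":
    for label, offer in (("RSA-only client", RSA_ONLY_CLIENT),
                         ("DSS-capable client", DSS_CAPABLE_CLIENT)):
        print(label, "vs DSS-only server:", select_suite(offer, {"DSS"}))
```

Note that DHE_RSA suites still need an RSA signing key on the server, so they do not help a server that must avoid RSA keys entirely.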