Matt Walsh wrote:
> 
> Hi All (esp SSL protocol experts).  Please help me to understand
> something!
> 
> In short
> --------
> What triggers the key exchange during an SSL transaction?
> 
[SKE example deleted]

Well your example is probably related to US export versions of browsers.
The old export regs restricted the size of RSA keys that could be used
for key exchange to 512 bits. So if the certified server key (i.e. the
one in the certificate) is larger than 512 bits and the client only
supports export ciphers then a temporary RSA key is used which is signed
by the server private key (the regs had no restrictions on signing with
larger keys).

Later versions of the regulations allowed use of 1024 bit keys in 56 bit
ciphersuites. Now of course there's no restriction.

So the clients in question are probably old export versions, newer
versions shouldn't have this problem.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
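
An added example (not part of the original post, and not OpenSSL code): a parser for the ServerKeyExchange message described in the reply, showing the small temporary RSA key next to the larger signature made with the certified key. It assumes the TLS 1.0 (RFC 2246) layout for RSA key exchange, three 16-bit length-prefixed vectors (modulus, exponent, signature); the function names are hypothetical and the sample message is constructed, with placeholder signature bytes.

```python
import struct

SERVER_KEY_EXCHANGE = 12  # handshake message type for ServerKeyExchange

def _vec16(buf, off):
    """Read one opaque vector: 2-byte big-endian length, then the data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("vector runs past end of message")
    return buf[off + 2:end], end

def parse_rsa_ske(msg):
    """Parse a ServerKeyExchange handshake message carrying temporary RSA params."""
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(msg[1:4], "big")  # 3-byte handshake length
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    modulus, off = _vec16(body, 0)       # temporary RSA modulus
    exponent, off = _vec16(body, off)    # temporary RSA public exponent
    signature, off = _vec16(body, off)   # made with the certified server key
    if off != body_len:
        raise ValueError("trailing bytes after signature")
    return {
        "temp_key_bits": int.from_bytes(modulus, "big").bit_length(),
        "exponent": int.from_bytes(exponent, "big"),
        # An RSA signature is as long as the signing key's modulus.
        "signing_key_bits": len(signature) * 8,
    }

def build_sample():
    """Constructed sample: 512-bit temporary key, e=65537, 128-byte signature."""
    modulus = b"\xc5" + b"\x11" * 62 + b"\x01"  # 64 bytes, top bit set
    exponent = b"\x01\x00\x01"
    signature = b"\x5a" * 128                   # placeholder, not a real signature
    body = b"".join(struct.pack(">H", len(v)) + v
                    for v in (modulus, exponent, signature))
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    print(parse_rsa_ske(build_sample()))
```
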
