> 1.in applications that use openssl, the session keys are 40 bit or 128 bit?
It depeds on the cipher suite; see "openssl ciphers" for example. > 2.how can 40 bits key be changed to 128 bits in this application( for example > IE & Mozilla) You can limit what ciphers you'll use in connections. Or your application can force a renegotiation. > 3.if i can use openssl for application what is the size of key(secure size)? openssl supports everything defined in ssl/tls specs. > 4.in USA & Caneda how can they use the keys with nonexport key size? US export rules don't apply for this any more. -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
