Firewall Wizards mailing list archives
RE: SSL (Apache) <-> Browser
From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Thu, 8 Feb 2001 09:02:09 -0600
Inline: Richard Scott * Best Buy World Headquarters 7075 Flying Cloud Drive Eden Prairie, MN 55344 USA The views expressed in this email do not represent Best Buy or any of its subsidiaries. Hi, Check the mod_ssl FAQ and mail list archives (I assume that you're using some apache/openssl/mod_ssl combination). Your problem is extensively discussed there. Resolution is in the hands of your server admin. This is what I am trying to help.... ;-) As a starting point: 1. Is a Global Server ID in use (a certificate that uses an intermediate CA certificate to "Step-up" the session key for old "export" servers and browsers)? If so you need to exclude EXPORT56 from the cipher suite in the server config. Yes it is, as far as I know, we have the 128bit certificate from verisign. I have seen the forums speak of problems with this, but I can't seem to get a config description of the server, so I have a few hole in my knowledge. This is what the admin will try, and I will see if that helps. 2. Is the apache server configured to support an SSL session cache? It probably needs to be. Why is this? Surely this just speeds up the negotiating ? Oh, and don't bother chasing this through MS support unless you are a masochist. Laughs, I have another question I want to through out. Using the 40bit or 128bit certificate, what determines the key that is used for the symmetric encryption. That is, does the server resolve to the lowest common dominator, hence if the client can only use 56bit, the server ill only use a 56bit key. I can seem to find the answer in the RFC. What I would like to see is that if the server can use the 128bit key always, and the client can use what ever they can cope with. Cheers ..... Jonathan. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- SSL (Apache) <-> Browser Scott, Richard (Feb 07)
- Re: SSL (Apache) <-> Browser Ng Pheng Siong (Feb 11)
- <Possible follow-ups>
- RE: SSL (Apache) <-> Browser Scott, Richard (Feb 08)
- RE: SSL (Apache) <-> Browser Jonathan Sartin (Feb 08)