Reckhard, Tobias wrote:
There are web browsers that will negotiate 128 bits only if the certificate presented by the web server is a "step-up certificate". I'm not sure what makes a certificate a step-up certificate, however, nor if this restriction still applies to current browsers.
The step up involved the browser checking the signer was a legitimate CA to sign a step-up cert and then performing the re-negotiation. The restriction disappeared when the crypto export laws were all relaxed. You have to go a fair way back (a few years) to get a browser that still only supports 128-bit symmetric in SGC mode.

Cheers,
Berin