I'm using a 128-bit-cert. But browsers that support less encryption (e.g. IE that comes with WinNT4) can't access my SSL-pages because the encryption doesn't allow degration. Is there any way to solve this prob? Using Apache with an official SSL-cert.
PS: This just came to my mind when you said "step-up" - cause in my case it would be a "step-down", right? On 10 Jun 2003 at 21:49, Berin Lautenbach wrote: > Reckhard, Tobias wrote: > > There are web browsers that will negotiate 128 bits only if the > > certificate presented by the web server is a "step-up certificate". > > I'm not sure what makes a certificate a step-up certificate, > > however, nor if this restriction still applies to current browsers. > > The step up involved the browser checking the signer was a legitimate > CA to sign a step-up cert and then performing the re-negotiation. The > restriction disapeared when the crypto export laws were all relaxed. > You have to go a fair way back (few years) to get a browser that still > only supports 128bit symmetric in SGC mode.
