Hi list,

we encountered a problem concerning the SSL handshake done by some IE
versions (e.g. V5.00.2919.6307 with 56bit encryption, German version)
with the server, as noticed on the Microsoft site:

http://www.microsoft.com/windows98/downloads/contents/WUCritical/schannel/Default.asp
and
http://support.microsoft.com/support/kb/articles/Q249/8/63.ASP

The problem in brief: Export versions of IE have weak encryption (40 or
56bit secret). To get high encryption (128bit) one can use a global
server certificate which tells the client-browser that it can use strong
encryption. Unfortunately MS has a bug in the schannel.dll so that
"occasionally" the wrong hash algorithm is used by the client-browser.
This is a very bad thing for us, as the SSL connection is used for
downloading an applet out of an unsecured html-page.

Ok, we could ask the clients to install the Microsoft bugfix (as linked
to in the above mentioned URIs), but we have lots of people using that
applet so this might not be the best solution. Anyway, the problem does
not occur only when downloading the applet, even a simple connection
fails.
What confuses us most is that the connection to our site
https://gw01.alltrust.de fails but to another site
https://cips.citicorp.de it works although the certificates and the
corresponding root-certificates are the same!?!?

We use an IBM HTTP Server (Apache derivative) v1.3.6 on AIX. The other site
(cips) runs a Netscape Enterprise.

Does anybody know why the connection works with a different webserver?
Is it possible to reconfigure the IBM HTTP Server to make it work??


Thanks for any help,

Moritz Koenigsbuescher
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]