On Mon, Jun 26, 2000 at 02:55:35PM +0200, [EMAIL PROTECTED] wrote:
...
> SSL 3.0 ciphers:
>     RC4 with 128 bit encryption and MD5 message authentication
>     RC4 with 40 bit encryption and MD5 message authentication
>     Triple DES with 168 bit encryption and SHA message authentication
>     DES with 56 bit encryption and SHA message authentication
>     RC2 with 40 bit encryption and MD5 message authentication
> 
> My problem began as I changed the point "Stronger Encryption" from
> "Allow 40 bit secret key size for access" (default) to
> "Require 128 bit secret key size for access".

We are getting near to the problem:
If the Netscape server shows the same behaviour as OpenSSL (select from the
sorted list of the client),
  Triple DES with 168 bit encryption and SHA message authentication
precedes RC4-MD5 in the list (see openssl ciphers) and should be chosen.
If the check criterion is as stupid as the precise wording sounds:
"Require 128 bit secret key size for access",
you would see the error, as 168 bit != 128 bit.
(You won't see the error with Netscape clients, as their list of ciphers
is different from the OpenSSL default.)

(We had some discussions on the list with respect to the actual number of
bits of Triple DES (168 bit or 112 bit), but the level of security of
both ciphers should be in the same class.)

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
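The hypothesis in the reply above can be modelled in a few lines. This is an added example, not part of the original message and not Netscape or OpenSSL code: the cipher labels, the function names and the exact Netscape client order are assumptions; only the server cipher list and the fact that Triple DES precedes RC4-MD5 in the OpenSSL default come from the thread.

```python
# Constructed model of the hypothesis in the message; not Netscape or OpenSSL code.
# Server-enabled SSL 3.0 ciphers as quoted in the message: label -> secret key bits.
SERVER_CIPHERS = {
    "RC4-128-MD5": 128,
    "RC4-40-MD5": 40,
    "3DES-168-SHA": 168,
    "DES-56-SHA": 56,
    "RC2-40-MD5": 40,
}

# Client preference lists (constructed). The message states only that 3DES
# precedes RC4-MD5 in the OpenSSL default and that Netscape clients differ;
# the exact Netscape order below is an assumption.
OPENSSL_CLIENT = ["3DES-168-SHA", "RC4-128-MD5", "DES-56-SHA", "RC4-40-MD5", "RC2-40-MD5"]
NETSCAPE_CLIENT = ["RC4-128-MD5", "3DES-168-SHA", "DES-56-SHA", "RC4-40-MD5", "RC2-40-MD5"]


def negotiate(client_prefs, server_ciphers=SERVER_CIPHERS):
    """Pick the first cipher in the client's order that the server enables."""
    for name in client_prefs:
        if name in server_ciphers:
            return name
    return None


def access_check(cipher, required_bits=128, exact=True, server_ciphers=SERVER_CIPHERS):
    """exact=True models the literal '128 bit' reading; exact=False a minimum strength."""
    if cipher is None:
        return False
    bits = server_ciphers[cipher]
    return bits == required_bits if exact else bits >= required_bits


def handshake(client_prefs, exact):
    """Return (negotiated cipher, whether the access rule lets the request through)."""
    cipher = negotiate(client_prefs)
    return cipher, access_check(cipher, exact=exact)


if __name__ == "__main__":
    for label, prefs in (("OpenSSL", OPENSSL_CLIENT), ("Netscape", NETSCAPE_CLIENT)):
        for exact in (True, False):
            cipher, ok = handshake(prefs, exact)
            rule = "== 128" if exact else ">= 128"
            print(f"{label:8} {rule}: {cipher:13} -> {'allowed' if ok else 'denied'}")
```

With the exact-match rule the OpenSSL-ordered client negotiates the 168 bit cipher and is refused, while the same client passes a minimum-strength rule; export-only clients are refused under both.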
