> Matt Walsh wrote:
> >
> > Hi All (esp SSL protocol experts). Please help me to understand
> > something!
> >
> > In short
> > --------
> > What triggers the key exchange during an SSL transaction?
> >
> [SKE example deleted]
>
> Well your example is probably related to US export versions of browsers.
> The old export regs restricted the size of RSA keys that could be used
> for key exchange to 512 bits. So if the certified server key (i.e. the
> one in the certificate) is larger than 512 bits and the client only
> supports export ciphers then a temporary RSA key is used which is signed
> by the server private key (the regs had no restrictions on signing with
> larger keys).
>
> Later versions of the regulations allowed use of 1024 bit keys in 56 bit
> ciphersuites. Now of course there's no restriction.
>
> So the clients in question are probably old export versions, newer
> versions shouldn't have this problem.

Does this mean newer clients won't even send the SSL_RSA_EXPORT_*
in the ClientHello handshake message?

Thanks,
Nagaraj
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
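
One way to check a captured ClientHello for the RSA_EXPORT suites discussed in this thread, and to apply the rule from the quoted reply about when a temporary RSA key is needed. This is an added example, not code from the thread or from OpenSSL; the function names and the sample records are constructed for illustration, and only the three RSA_EXPORT suites defined in RFC 2246 are covered.

```python
# RSA key-exchange export suites from RFC 2246 (the 512-bit limit
# described in the quoted reply applies to these).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def offered_suites(record):
    """Return the cipher suite IDs listed in an SSLv3/TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                          # client_version + random
    if pos >= len(body):
        raise ValueError("truncated ClientHello")
    pos += 1 + body[pos]                  # session_id length byte + session_id
    n = int.from_bytes(body[pos:pos + 2], "big")
    suites = body[pos + 2:pos + 2 + n]
    if len(body) < pos + 2 or n % 2 or len(suites) != n:
        raise ValueError("truncated cipher_suites")
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, n, 2)]

def export_suites_offered(record):
    """Names of the RSA_EXPORT suites this ClientHello offers, in client order."""
    return [RSA_EXPORT_SUITES[s] for s in offered_suites(record) if s in RSA_EXPORT_SUITES]

def needs_temp_rsa_key(chosen_suite, cert_key_bits):
    """Rule from the reply: export suite chosen and certified key above 512 bits."""
    return chosen_suite in RSA_EXPORT_SUITES and cert_key_bits > 512

def build_client_hello(suites):
    """Constructed sample: minimal SSLv3 ClientHello with a zeroed random."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    body = b"\x03\x00" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(export_suites_offered(build_client_hello([0x0003, 0x0006])))  # export-only client
    print(export_suites_offered(build_client_hello([0x002F, 0x0035])))  # no export suites
```
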