Itai Levy wrote: > > Hi, > > I'm using a web server based on openssl 0.9.5. > When I use a certificate which enables the use of SGC, I have a problem to > connect with IE 5.01 browsers. > I know that the reason for this is that there is a bug in the implementation > of SGC in IE 5.01. > I use the cipher group DEFAULT:!RC4-MD5 as a work around (with these ciphers > I can connect with IE 5.01). > The problem with this is that this ciphers group is not enough for some of > the browsers. > > Is there a way to disable SGC in openssl 0.9.5 ? > > I know that openssl 0.9.4 doesn't support SGC, so there should be no > problem, but I don't want to downgrade. > OpenSSL 0.9.4 didn't support SGC but then you probably aren't using SGC either. You are probably using "step up" which is Netscapes version. The problem is related to some new ciphersuites in OpenSSL 0.9.5 and a bug in MSIE which is triggered by the use of step up and an attempt to use two ciphersuites with different digests. There are several cipher strings you can try: DEFAULT:!EXPORT56 DEFAULT:!MD5 DEFAULT:!SHA1 If some versions of Netscape you are using don't support SHA1 strong ciphersuites then you may need the last one. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
