Itai Levy wrote: > > Dr Henson, > > Thanks for your reply. > > According to your answer I need to check the following ciphers: > DEFAULT:!EXPORT56 > DEFAULT:!MD5 > DEFAULT:!SHA1 > > The problem is that I minimized the IE 5.01's problematic ciphers to one: > RC4-MD5. The problem is not RC4-MD5 at all its the fact that the first weak cipher uses SHA1 and the second is MD5. By disabling RC4-MD5 it ends up using two ciphers that both use SHA1. > So I use DEFAULT:!RC4-MD5 and still there are some browsers that needs the > RC4-MD5 cipher in order to work. > So this solution isn't good for me. > Is there a way to get into the code and disable the SGC in openssl ? > > Can I solve the problem by using a server certificate that doesn't support > SGC ? > Yes that will also work and it should be cheaper too. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
