On Fri, Jan 18, 2002 at 12:08:36PM -0500, Mark Lidd wrote:
> A transcript is the following:
>
> bash-2.05$ openssl s_client -connect autonet.va.autometric.com:443 -ssl2
...
> Ciphers common between both SSL endpoints:
> RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5
> EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5
...
> New, SSLv2, Cipher is DES-CBC3-MD5
...
> <title>Insufficient encryption</title><h1>Insufficient encryption</h1>
> This document requires a larger secret key size for encryption than your
> browser is capable of supporting.
> <HTML><HEAD><TITLE>Forbidden</TITLE></HEAD>
> <BODY><H1>Forbidden</H1>
> The proxy's access control configuration denies access to
> the requested object through this proxy.
> </BODY></HTML>closed
Obviously the "Insufficient encryption" argument is badly implemented.
DES-CBC3-MD5 should be strong enough. If you would have used netscape,
it would choose RC4-MD5 and it seems that this is hardcoded into the
server. Specify RC4-MD5 as cipher:
openssl s_client -connect autonet.va.autometric.com:443 -ssl2 -cipher RC4-MD5
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
