On Fri, Oct 28, 2005, imana sakki wrote: > hello thank's for your answer, I want to know that wich parameter in the > certificate signed by verisign, determines that it is 128-bits or 40-bits? >
As the FAQ entry says these days just about any browser or server will use 128 bits automatically for any certificate. Its just a few obsolete "export" browsers that need the extension, by far the best advice would be to get the browser upgraded. If you really want to know there are two parameters. These are part of the extended key usage (EKU) extension. These are called "Microsoft Server Gated Crtpto" and "Netcape Server Gated Crypto" though "Netscape Step Up" would be a more accurate name. Every certificate in the chain with the exception of the root must include these. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
