RE: Key strength confusion

2002-04-29 Thread John . Airey
c Rescorla [mailto:[EMAIL PROTECTED]]
Sent: 26 April 2002 16:17
To: [EMAIL PROTECTED]
Subject: Re: Key strength confusion

[snip]

As far as I know, there is in fact no such thing as a 40-bit cert. There are two kinds of certificates:

(1) Ordinary X.509 certs containing an RSA key of whatever strength

Re: Key strength confusion

2002-04-26 Thread Eric Rescorla
"Luo, Feng (Exchange)" <[EMAIL PROTECTED]> writes:
> You are absolutely right, there is not so called 40-bit certificate. The key
> strength is controlled by server and browser, forget about SGC, it's old.

You can't forget about SGC, because there are still SGC-only export browsers out there.

-E

RE: Key strength confusion

2002-04-26 Thread Luo, Feng (Exchange)
ECTED]
Subject: Re: Key strength confusion

Stuart Parker <[EMAIL PROTECTED]> writes:
> On Friday, April 26, 2002, at 11:39 PM, [EMAIL PROTECTED] wrote:
>
> >
> > I'm not sure what you mean when you say that you paid for a 40bit
> > certificate. Do you mean an SGC c

Re: Key strength confusion

2002-04-26 Thread Eric Rescorla
Stuart Parker <[EMAIL PROTECTED]> writes:
> On Friday, April 26, 2002, at 11:39 PM, [EMAIL PROTECTED] wrote:
>
> >
> > I'm not sure what you mean when you say that you paid for a 40bit
> > certificate. Do you mean an SGC cert?
> >
>
> No. We purchased through a local Verisign distributor which

RE: Key strength confusion

2002-04-26 Thread John . Airey
I don't know much about the restrictions in Australia, but I do know that we've had a 128bit certificate since 1997. At that time we were running apache-ssl. So I confess that I've never touched a 40bit certificate. There are issues with versions of IE5 before 5.01SP2 (which itself is being dropp

Re: Key strength confusion

2002-04-26 Thread Stuart Parker
On Friday, April 26, 2002, at 11:39 PM, [EMAIL PROTECTED] wrote:
>
> I'm not sure what you mean when you say that you paid for a 40bit
> certificate. Do you mean an SGC cert?
>

No. We purchased through a local Verisign distributor which sells Global (128-bit SSL) and Secure (40-bit SSL) certi

Re: Key strength confusion

2002-04-25 Thread Srikanth_Chakravarthy
Hi,

Please check if you are using the RC4/RC2 cipher suite. In that case,

"Note that for RC4 and RC2 ciphers, the phrase "40-bit encryption" means the keys are still 128 bits long, but only 40 bits have cryptographic significance."

Regards,
Srikanth

Stuart Parker <[EMAIL PROTECTED]> on 2