Only "Axis of Evil" countries have crypto export controls, i.e. Iran, Iraq, Syria, N. Korea, Libya, Sudan. If you're not expecting clients from these countries there shouldn't be any reason for not having access to 128-bit browsers. I don't know if it's still the case but France was an exception as any strong crypto user has to file their keys with the government (I'd be surprised if that's still true).
-----Original Message----- From: Matt Robertson [mailto:[EMAIL PROTECTED]] Sent: Monday, October 14, 2002 5:07 PM To: CF-Talk Subject: Re: 40 bit vs 128 bit ssl I thought certs downgrade themselves, depending on the client browser's capabilities? You shouldn't have to do anything. --------------------------------------- Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc., www.mysecretbase.com --------------------------------------- ---------- Original Message ---------------------------------- from: "Fregas" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] date: Mon, 14 Oct 2002 16:00:38 -0500 >Here's one for you. > >Windows 2k/IIS >Coldfusion 5.0 > >We had a consultant come in who was proficient in coldfusion web >development look at our site. He suggested at first that we require >128 bit security for the SSL portions of our site using IIS. This >ensures that people can't go to a form or checkout page that is >supposed to be ssl by changing the URL on the address bar from https:// >to http://. However, since we have foreign customers who may not have >a 128bit ssl compliant browser, he suggested making two virtual (or >real) diretories, marking one in IIS as requiring SSL and the other as >requiring SSL with 128bit encryption. > >I've created some virtual directories and done this. However, I >haven't been able to see if the 40bit virtual directory works for those >browsers. I downloaded the archaic version of Netscape 3.04 (40 bit >ssl version) but the CGI variables: HTTPS_KEYSIZE and CERT_KEYSIZE both >say 128 bit. I'm not sure if these are even variables I should be >looking at for this. > >What I need to do is detect whether the client browser has 40 bit or >128 bit. If they have 40 bit, send them to the directory that requires >ssl only. If they have 128 bit, send them to the directory that >requires that. Not sure how to test or implement this. > >Any ideas? > >Craig > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
