Andrews, Rick wrote:
https://www.chase.com
https://www.wellsfargo.com
But I suppose you'll need to locate an old international browser that
does step up, right? Most modern browsers will start with strong crypto
and don't need to step up.
What we really need is 1) a pub/priv key pair of such a cert* (or use
attached CSR) of some random domain (ideally expired and with a totally
bogus CN value so we can post the private key publicly) and 2) obviously
a browser which supports this (but that we can handle).
As we need to plug it into Joe's patched apache to see if it will
still allow that initial re-negotiation; but block later re-negotiation.
Dw
*: Unless someone can tell me how to make the right thing
with openssl; I cannot figure out how to do the extension
file right - and think it is not an option.