Hi all,

I've searched the docs and mailing list archives and can't find a definitive
answer to my question. I hope someone can shed some light on the subject.

I'm very confused about RSAref. The modssl docs say that RSAref is mandatory
here in the US. The openssl docs say only that "it is possible" to use RSAref.  
Clearly though, both openssl and modssl can work fine without it. The modssl
docs even say that using RSAref will result in some loss of functionality. So,
my question is, do I really need it? Is the "mandatory" issue a legal one or a
technical one? What are the implications of running a commercial server in the
US with a modssl module that isn't linked with RSAref?

Another possibly related question -- so far, I've built modssl without RSAref.
I've generated a self-signed server certificate according to the modssl docs.
When I connect, I'm only getting 40 bit encryption. How do I get 128? Is the
encryption strength dependent on the certificate or the modssl settings in
httpd.conf? Or maybe on my lack of RSAref?

Please respond via email -- I'm not a subscriber. Thanks.

-- 
Alex Howansky
[EMAIL PROTECTED]
http://www.wankwood.com/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
