> Kenneth Mutka <[EMAIL PROTECTED]> writes:
> 
> > > Neither Netscape 4.7 nor IE 5 supports DH key exchange. It is not
> > > required by SSLv3.
> > 
> > If they don't support it, what browsers do?
> > I would like to run Anonymous Diffie-Hellman as well.
> As I said in my previous mail, IE 5 under Win2K supports
> DSS/DH.
> 
> It does not, however, as far as I know, support anonymous
> DH. 
> 
> Once again, using anonymous DH is a really terrible idea.
> It leaves you completely open to active attack.
> 

Anonymous DH should only be used when the key exchange can be verified
by some additional authentication method such as SRP, Kerberos, KEA, ....



    Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
                 The Kermit Project * Columbia University
              612 West 115th St #716 * New York, NY * 10025
  http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
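
The point made in the thread, as an added example that is not part of the
original messages: an anonymous DH exchange completes without error even when
the public values are replaced in transit, while tying the exchange to a
separate authentication step exposes the replacement. The HMAC over a
pre-shared secret is an assumed, simplified stand-in for methods such as SRP or
Kerberos, and the toy-sized prime and all function names are constructed for
the demonstration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy-sized prime, constructed for this demo; far too small for real use
G = 3

def keypair():
    """Return (private exponent, public value) for one DH participant."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from the DH shared secret."""
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def transcript_tag(psk, client_pub, server_pub):
    """Bind both public values to a secret only the two real endpoints hold."""
    msg = f"{client_pub}|{server_pub}".encode()
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(substituted_in_transit, psk=None):
    """Simulate one exchange; return (keys_match, client_accepts)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    _, other_pub = keypair()   # value injected by a party on the path
    # What each endpoint actually receives from the network.
    c_pub_seen = other_pub if substituted_in_transit else c_pub
    s_pub_seen = other_pub if substituted_in_transit else s_pub
    c_key = session_key(c_priv, s_pub_seen)
    s_key = session_key(s_priv, c_pub_seen)
    accepted = True            # anonymous DH: nothing to check, always proceeds
    if psk is not None:
        # Server tags the values it saw; client recomputes over what it saw.
        server_tag = transcript_tag(psk, c_pub_seen, s_pub)
        expected = transcript_tag(psk, c_pub, s_pub_seen)
        accepted = hmac.compare_digest(server_tag, expected)
    return hmac.compare_digest(c_key, s_key), accepted

if __name__ == "__main__":
    psk = secrets.token_bytes(32)
    print("anonymous, clean path     :", run_exchange(False))
    print("anonymous, values replaced:", run_exchange(True))
    print("verified, clean path      :", run_exchange(False, psk))
    print("verified, values replaced :", run_exchange(True, psk))
```

In the anonymous case with replaced values the client still accepts although
the two endpoints no longer share a key; with the verification step the same
replacement makes the client reject the exchange.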
