On Tue, 20 Jun 2000, Francesco D'Inzeo wrote:
> >We use SSL, and that was originally the *primary* reason to choose OpenSA
> >over any other Win32 Apache build available.
> You are going to have troubles with international releases of browsers say
> 40/56 bit criptography enabled browsers because they don' t work with
low-grade encryption and/or fortify'd browsers work fine here.
> OpenSa (Apache + ModSSL) on Windows NT but only on Unix boxes.
> Even if they say (Mod_SSL) that international browsers have to step up from
> low encryption to strong one, it does not work when the Apache server is
> a Windows NT box.
>
> My company holds a Verisign Global Server ID (payed 895 $) which as stated by
> Mod_SSL Readme.GlobalID enables Apache+Mod_SSL to step up international browsers,
> but it works fine on Linux and does not work on Windows NT.
> I had to change the web server software to M$ IIS 4 on Windows NT which
> steps up International browsers correctly.
I've seen a few moans on openssl-users list about this - basically IIS &
IE do a quick step-up that's actually not permitted by the SSL protocol.
It's a hack by Microsoft to make step-up easier, and I think support can
be added to OpenSSL, but AFAIK it's not in the main source on principle.
Netscape does a proper step-up and so should work properly. I don't know
the details, but even under U*ix step-up with IE tends fo fail.
Is it crucial that you have step-up? Whilst crackable, 40/56 bit
encryption is usually fine for everyday use.
Luke
--
Luke Ross (Fizzy Razzer) - [EMAIL PROTECTED]
Visit http://lcr.sys3175.co.uk for geek code, other addresses, web page etc.
