> I've seen a few moans on openssl-users list about this -
> basically IIS &
> IE do a quick step-up that's actually not permitted by the
> SSL protocol.
> It's a hack by Microsoft to make step-up easier, and I think
> support can
> be added to OpenSSL, but AFAIK it's not in the main source on
> principle.
> Netscape does a proper step-up and so should work properly.
> I don't know
> the details, but even under U*ix step-up with IE tends fo fail.
>
> Is it crucial that you have step-up? Whilst crackable, 40/56 bit
> encryption is usually fine for everyday use.
The problem with the "illegal" quick step-up should be solved with
release 1.0.0 as it includes OpenSSL 0.9.5a, which supports the broken
IE Step-Up.
Right now i tested the SSL functionality of release 1.0.0 on Win98 and
NT and both allowed a sucessfull connect, although i have now GlobalID
cert.
/me
--
Institut Ingenium GmbH http://www.ingenium.de/
Daniel Reichenbach [EMAIL PROTECTED]
