>I have seen many discussions on super-certs, but does anyone know about the
>key features that make a cert super? Or how do these certs come into
>being? Can we use openssl to produce these kinds of certs?

This is the second time I have explained it in the past two weeks.
It has been explained before, too.
It is also described in the mod_ssl package.

The browsers know about a special CA.  If they get an SSL server
cert from that CA, they renegotiate to 128bit crypto.  It is possible
to hack Netscape to add your own CA to the "special" list.  Nobody
has found out how to hack IE, yet.

The US has changed the export rules, so everyone (except for five
special countries that the US doesn't like) can get browsers that
will *always* use 128bit crypto.

Therefore, unless you have a LARGE number of browsers that you cannot
upgrade, you should not care about these "super certs."

Perhaps this should go into the FAQ?
        /r$
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]