Re: How to use SSL_CTX_set_cipher_list in order to avoid IE 5.01 problem.

Wed, 12 Jul 2000 05:37:32 -0700 

Dr Stephen Henson Thank you a lot for your help.

I pass the"DEFAULT:!EXPORT56:@STRENGTH" string to the 
SSL_CTX_set_cipher_list function.

Right now the behavior of the IE 5.01(Win2000)is
"page can not be displayed" in the first attempt for connecting securly to 
the openSSl server.
But in the second attempt I succeed connecting to the site.

Is this the correct behavior?
If it is, then what should i do in order to fix it?

Thanks again,

Peleg Atar
Project Manager R&D
Petach Tikva, Israel 49561.
Cylink Company,
Algorithmic Research

>From: Dr Stephen Henson <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: How to use SSL_CTX_set_cipher_list in order to avoid IE 5.01 
>problem.
>Date: Wed, 12 Jul 2000 11:40:39 +0100
>
>The string you pass to this function is documented in the ciphers manual
>page. The MSIE problem is generally caused by its (mis)use of 56 bit
>ciphers with SGC or step up so the string "DEFAULT:!EXPORT56:@STRENGTH"
>should do the trick.
>
>The best "fix" is to apply the 128 bit security patch to MSIE. It then
>avoids this SGC nonsense altogether. You don't have to buy the
>(sometimes) more expensive special certificates. The browser uses strong
>encryption from the start, instead of making two connections per
>session, this reduces server load.
>
>Steve.
>--
>Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
>Personal Email: [EMAIL PROTECTED]
>Senior crypto engineer, Celo Communications: http://www.celocom.com/
>Core developer of the   OpenSSL project: http://www.openssl.org/
>Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to