There has been a generation of browsers supporting SSLv3 AND USA export 
restrictions as well: they were able to generate RSA keys limited to 
512 bit length and symmetric key up to 40 bits (upgraded to 56 
recently). Using such a Netscape, for example, you were able to import a 
PKCS12 file containing an externally generated RSA 1024 bit (or greater) 
key pair and use it to establish an SSLv3 session but it only creates 40 
or 56 session keys for encryption.
pietro
> Rich Salz <[EMAIL PROTECTED]> writes:
> 
> > > The certificate has no effect on the type of symmetric encryption
> > > that SSL negotiates.
> > 
> > Except that if you have to support older "export-strength crypto"
> > browsers, then you can only have a 512bit key.
> Only REALLY REALLY old browsers that only support SSLv2.
> 
> SSLv3 has an ephemeral RSA scheme that lets you authenticate a
> 512-bit key with your 1024 bit signing key.
> 
> -Ekr
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
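The behaviour discussed in this thread (the certificate key size does not set the symmetric strength, and an SSLv3 export suite makes the server send a temporary 512-bit RSA key signed by its longer certificate key), modelled as an added Python example that is not part of the original messages. Suite names follow the SSL 3.0 specification; the function names, the `CIPHER_BITS` table and the sample list are constructed for illustration.

```python
import re

# Constructed sample: RSA cipher-suite names as written in the SSL 3.0 specification.
SAMPLE_SUITES = [
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]

EXPORT_RSA_LIMIT = 512  # largest RSA key-exchange modulus allowed for export suites

# Secret key length in bits for each bulk-cipher token in the suite name.
CIPHER_BITS = {"RC4_40": 40, "RC2_CBC_40": 40, "DES40_CBC": 40,
               "DES_CBC": 56, "RC4_128": 128, "IDEA_CBC": 128, "3DES_EDE_CBC": 168}

def parse_suite(name):
    """Return (is_export, symmetric_key_bits) for an SSL_RSA_* suite name."""
    m = re.fullmatch(r"SSL_RSA(_EXPORT)?_WITH_(.+)_(MD5|SHA)", name)
    if not m or m.group(2) not in CIPHER_BITS:
        raise ValueError(f"unsupported suite name: {name}")
    return bool(m.group(1)), CIPHER_BITS[m.group(2)]

def handshake_plan(suite, cert_rsa_bits):
    """Model what the server does for this suite and certificate key size."""
    is_export, sym_bits = parse_suite(suite)
    # Export suite with a certificate key above the limit: the server sends a
    # ServerKeyExchange carrying a temporary RSA key, signed by the
    # certificate key. The certificate key then only authenticates.
    needs_temp_key = is_export and cert_rsa_bits > EXPORT_RSA_LIMIT
    return {
        "symmetric_bits": sym_bits,
        "key_exchange_rsa_bits": EXPORT_RSA_LIMIT if needs_temp_key else cert_rsa_bits,
        "server_key_exchange": needs_temp_key,
    }

def weak_suites(suites, min_bits=128):
    """Defender's check: suites whose symmetric key is shorter than min_bits."""
    return [s for s in suites if parse_suite(s)[1] < min_bits]

if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        for cert_bits in (512, 1024):
            print(suite, cert_bits, handshake_plan(suite, cert_bits))
    print("weak:", weak_suites(SAMPLE_SUITES))
```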
