Probably caused by the browser. The certificates don't really have much to
say about whether you get 40-bit or 128-bit cryptography. Upgrade to a
browser that supports 128-bit cryptography.
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
----- Original Message -----
From: "Auteria Wally Winzer Jr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001 3:22 PM
Subject: Re: Setting the bit to 128
> When a cert is created by openssl (using the CA.pl script):
> CA.pl -newca
> CA.pl -newreq
> CA.pl -sign
> I deploy it to Apache. Within my testbed when accessing
> the SSL pages when I move the mouse over the lock it shows
> the strength of the SSL Secured (40-bit).
>
> Does this has to do w/ the browser? or do I have to have
> specific software that creates keys of 128-bit encryption?
> If the browser is 128-bit will it set the SSL page to 128?
>
> - Wally Winzer Jr.
>
> Greg Stark wrote:
>
> > No. Your question doesn't make any sense, so folks are just trying to
guess
> > what you *might* mean.
> >
> > _____________________________________
> > Greg Stark
> > Ethentica, Inc.
> > [EMAIL PROTECTED]
> > _____________________________________
> >
> > ----- Original Message -----
> > From: "Auteria Wally Winzer Jr." <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, February 16, 2001 3:00 PM
> > Subject: Re: Setting the bit to 128
> >
> > > So, in a nutshell openssl doesn't have the ability to create 128-bit
> > > self-signed CA's?
> > >
> > > - WW Jr.
> > >
> > > Dr S N Henson wrote:
> > >
> > > > "Auteria Wally Winzer Jr." wrote:
> > > > >
> > > > > The goal:
> > > > >
> > > > > To generate a 128-bit self-signed CA.
> > > > >
> > > >
> > > > That has little to do with the CA certificate and more to do with
the
> > > > software being used. If clients can only make 40 bit SSL connections
> > > > then the clients probably only support 40 bit SSL (the old export
> > > > crippled software) and needs upgrading to 128 bits.
> > > >
> > > > Well actually that's not the whole story. Some certificates signed
by a
> > > > special CA can enable 40 bit clients to use 128 bit connections but
you
> > > > can't readily create those yourself because they wont be signed by
the
> > > > (hard coded) special CA.
> > > >
> > > > Steve.
> > > > --
> > > > Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> > > > Personal Email: [EMAIL PROTECTED]
> > > > Senior crypto engineer, Celo Communications: http://www.celocom.com/
> > > > Core developer of the OpenSSL project: http://www.openssl.org/
> > > > Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> > > >
______________________________________________________________________
> > > > OpenSSL Project
http://www.openssl.org
> > > > User Support Mailing List
[EMAIL PROTECTED]
> > > > Automated List Manager
[EMAIL PROTECTED]
> > >
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
