On Wed, Jan 22, 2003, Peter Hendriks wrote: > Thanks for your answer. > > According to the infobox of Outlook Express 6.0 SP1 (completely updated), it > says something like 128 bits coding strength (I have a Dutch version). I can > access something like mailvault, which requires 128 bit SSL. > > The windows homepage tells me that the "strong encryption pack" is only > available for MSIE < 6.0 which has this package included. Therefore I can't > install this "strong encryption pack". > > https://www.fortify.net/sslcheck.html says I can use RC4, 128 bit coding > strength. > > To my best knowledge Outlook Express and Internet Explorer use the same > coding system. > > What I have done is create 3 certs (1 root, and 2 users) on my pc. I import > all keys with the certificate manager, then create a public key (with the > certificate manager) from "the other user". This public key is stored in the > addressbook of "the other user". I'm composing a message in Outlook Express > from "me" to the "other" user. When I click on "send" it gives a warning > (like "only 40 bit encryption is used"). The message wasn't really send, it > just sits in the outbox. The certs do work. > > As far as I can see, the problem must be either in Outlook Express, Windows > 98SE, or OpenSSL. >
It may be that when you just install a certificate for the 'other user' it has no way of knowing what encryption the other user can handle so it defaults to 40 bit RC2. Try sending signed mail from the 'other user' to Outlook. It should then get the necessary info that it support strong encryption. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
