On Thu, Jun 05, 2003, [EMAIL PROTECTED] wrote: > Are we at cross-purposes here? I'm referring to server certificates, not > client certificates (about which I am completely clueless as I currently > have no business reason to use them). > > Anyway, the proof of the pudding is in the eating. Can you point me to a > secure site that uses a key size >1024 bits? I can't find one for love nor > money. >
I don't know of any public sites but its easy enough to do a test. I made a sample self signed certificate with an 8192 bit key: openssl req -x509 -nodes -keyout x.pem -out x.pem -newkey rsa:8192 Then pointed the test server at it: openssl s_server -cert x.pem -www -port 443 Then putting https://127.0.0.1/ into browsers and clicking past the warnings brought up the test page on two browsers, Mozilla 1.3 and MSIE 6.0. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]