Hi, Somehow it didn't appear in the mailing list. I am submitting it again.
Does Netscape international step-up work with openssl s_server? My initial thought was that one just needed the global_id certificate with s_server and hit it with an old Netscape browser like Communicator 4.7 International version. I have Netscape Communicator 4.7 installed on my Windows machine. "about:" tells me: "This version supports International security with RSA Public Key Cryptography, MD2, MD5, RC2-CBC, RC4". According to the Netscape documentation (http://developer.netscape.com/tech/security/stepup/overview.html#configure) , this version of browser should do step-up handshake if the server presents a global_id certificate. I am running OpenSSL (0.9.7) s_server on my Linux machine and use the global certificate from Verisign. Here is how I start the server: openssl s_server -accept 443 -cert cert-global-server-id-chained.cer -key verisign-global-server-1024key -state -debug -www Now when I access this server using the Communicator, it doesn't step-up. Rather it just completes the handshake using EXP-RC4-MD5 which is export mode 40-bit RC4-MD5 cipher. I was expecting to see it step up to the next strong cipher because the server presented the global_id cert. I will really appreciate suggestions/comments. Thanks, Imran. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
