Reckhard, Tobias wrote:
There are web browsers that will negotiate 128 bits only if the
certificate presented by the web server is a step-up certificate.
I'm not sure what makes a certificate a step-up certificate, however,
nor if this restriction still applies to current browsers.
The step up involved the browser checking the signer was a legitimate CA
to sign a step-up cert and then performing the re-negotiation. The
restriction disapeared when the crypto export laws were all relaxed. You
have to go a fair way back (few years) to get a browser that still only
supports 128bit symmetric in SGC mode.
Cheers,
Berin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]