Detect the encryption level supported by the browser with IIS 4.0

2000-07-22 Thread Jj Fu

How to detect whether or not a browser supports 128 encryption?  The question had been
posted here several times before. No one had been able to provide a working answer.
According to Article 12017 from Allaire knowledge base,
"req.getHeader("HTTPS_SECRETSIZE") is the client encryption key size under Netscape
Enterprise Server." It is not true for IIS 4.0 (that value returns null). So I assume
the way to detect the browser's encryption key size is server dependent. I have tested the
values of the following headers in IIS 4.0:
HTTPS_SECRETKEYSIZE=1024
HTTPS_KEYSIZE=128
SSL_CIPHER_USEKEYSIZE=null

HTTPS_KEYSIZE returns 128 even with a 40-bit browser, because it is the server's key
size!
I used req.getHeaderNames() to collect the names and values of all headers from an HTTPS
request, but nothing is HTTPS or SSL related.

I do know some people use an .ASP file to detect the browser's encryption level. If that
info is not in the header for IIS, where could it be? Any comment is appreciated.

Thanks.


JJ Fu
SUN Certified Java programmer
Internet Developer
Compass Bank
(205)558-5255

===
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets



Re: Detect the encryption level supported by the browser

2000-02-17 Thread Nick Popoff

 -Original Message-
 From: A mailing list about Java Server Pages specification and reference
 [mailto:[EMAIL PROTECTED]]On Behalf Of Fernando Ribeiro
 Sent: Wednesday, February 16, 2000 3:45 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Detect the encryption level supported by the browser


 Two or three days ago I faced the same problem. We should take a
 look at the HTTPS protocol reference and check if it does not expose
 that information as an environment variable, just like HTTP_REMOTE_USER.

I suspect it is highly dependent on your web server and/or SSL product.  In
the case of Apache 1.3.9  RavenSSL 1.4, these are the headers I receive
during an HTTPS request that relate to SSL:

HTTPS on
SERVER_PORT 443
ssl-unclean-shutdown 1
SSL_CIPHER RC4-MD5
SSL_CIPHER_ALGKEYSIZE 128
SSL_CIPHER_EXPORT false
SSL_CIPHER_USEKEYSIZE 128
SSL_CLIENT_VERIFY NONE
SSL_PROTOCOL SSLv3
SSL_SERVER_A_KEY rsaEncryption
SSL_SERVER_A_SIG md5WithRSAEncryption
SSL_SERVER_I_DN /C=US/ST=California/L=Palo Alto/O=[DELETED]
SSL_SERVER_I_DN_C US
SSL_SERVER_I_DN_CN www.myhost.com
SSL_SERVER_I_DN_Email [EMAIL PROTECTED]
SSL_SERVER_I_DN_L Palo Alto
SSL_SERVER_I_DN_O MY COMPANY
SSL_SERVER_I_DN_OU MY COMPANY
SSL_SERVER_I_DN_SP California
SSL_SERVER_M_SERIAL 00
SSL_SERVER_M_VERSION 3
SSL_SERVER_S_DN /C=US/ST=California/L=Palo Alto/O=[DELETED]
SSL_SERVER_S_DN_C US
SSL_SERVER_S_DN_CN www.myhost.com
SSL_SERVER_S_DN_Email [EMAIL PROTECTED]
SSL_SERVER_S_DN_L Palo Alto
SSL_SERVER_S_DN_O MY COMPANY
SSL_SERVER_S_DN_OU MY COMPANY
SSL_SERVER_S_DN_SP California
SSL_SERVER_V_END Jan 12 09:22:13 2001 GMT
SSL_SERVER_V_START Jan 13 09:22:13 2000 GMT
SSL_SESSION_ID D685421330 [...]
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
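
An added example, not part of the original thread or any poster's code: a Java helper that classifies the negotiated cipher strength from the mod_ssl-style variables listed above, and fails closed when the variable is missing (as reported for IIS 4.0 elsewhere in this thread). The class name, the 128-bit floor and the sample maps are assumptions; on Servlet 2.3 and later containers the standard request attribute `javax.servlet.request.key_size` carries the negotiated size without relying on server-specific names.

```java
import java.util.HashMap;
import java.util.Map;

// Added example: classify negotiated cipher strength from mod_ssl-style variables.
public class CipherStrengthCheck {
    static final int MIN_BITS = 128; // assumption: policy floor chosen for illustration

    enum Verdict { NOT_SSL, UNKNOWN, WEAK, OK }

    static Verdict classify(Map<String, String> env) {
        if (!"on".equalsIgnoreCase(env.get("HTTPS"))) return Verdict.NOT_SSL;
        // USEKEYSIZE is the number of secret bits actually in use on this connection.
        Integer used = parseBits(env.get("SSL_CIPHER_USEKEYSIZE"));
        // Missing or unparsable value: fail closed instead of guessing.
        if (used == null) return Verdict.UNKNOWN;
        // Export ciphers use fewer secret bits than the algorithm key size.
        boolean export = "true".equalsIgnoreCase(env.get("SSL_CIPHER_EXPORT"));
        return (export || used < MIN_BITS) ? Verdict.WEAK : Verdict.OK;
    }

    static Integer parseBits(String s) {
        if (s == null) return null;
        try {
            int n = Integer.parseInt(s.trim());
            return n > 0 ? n : null;
        } catch (NumberFormatException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, modelled on the variables listed above.
        Map<String, String> strong = new HashMap<>();
        strong.put("HTTPS", "on");
        strong.put("SSL_CIPHER_USEKEYSIZE", "128");
        strong.put("SSL_CIPHER_EXPORT", "false");

        Map<String, String> export40 = new HashMap<>(strong);
        export40.put("SSL_CIPHER_USEKEYSIZE", "40");
        export40.put("SSL_CIPHER_EXPORT", "true");

        Map<String, String> noKeySize = new HashMap<>();
        noKeySize.put("HTTPS", "on"); // key-size variable absent

        System.out.println(classify(strong) + " " + classify(export40)
                + " " + classify(noKeySize));
    }
}
```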




Re: Detect the encryption level supported by the browser

2000-02-16 Thread Fernando Ribeiro

Two or three days ago I faced the same problem. We should take a
look at the HTTPS protocol reference and check if it does not expose
that information as an environment variable, just like HTTP_REMOTE_USER.

Who keeps the HTTPS protocol?

Let me know if you find something. Post it to the list since it's
valuable information.

fribeiro

Connie Chan wrote:

 Hi,

 Does anyone know how to detect the encryption level supported by the
 running browser in JSP?  Thanks.

 Thanks,
 Connie





Re: Detect the encryption level supported by the browser

2000-02-16 Thread David Mossakowski

It's a request header attribute called HTTPS_SECRETKEYSIZE; it's either 128 or 40.

dave

Connie Chan wrote:

 Hi,

 Does anyone know how to detect the encryption level supported by the
 running browser in JSP?  Thanks.

 Thanks,
 Connie


--
David Mossakowski  [EMAIL PROTECTED]
Programmer   212.310.7275
Instinet Corporation

"I don't sit idly by, I'm planning a big surprise"




Detect the encryption level supported by the browser

2000-02-15 Thread Connie Chan

Hi,

Does anyone know how to detect the encryption level supported by the
running browser in JSP?  Thanks.



Thanks,
Connie
