Re: Questions about mod_ssl with ie

1999-01-20 Thread Ralf S. Engelschall

On Tue, Jan 19, 1999, Shane Wegner wrote:

 I have set up mod_ssl with Apache 1.3.4 on my web server according to the
 instructions in the INSTALL file.  I used a self-signed key with "make
 certificate TYPE=custom" and it worked in lynx without a problem.  Tests
 in s_client showed a 1024 bit key.  I then fired up the win95 machine and
 tried to access the site using IE4 and it said it couldn't access it
 because the key was signed by an unknown CA.  This is understandable but
 when I went to view certificate, the quality said "40 bit - Low" which
 indicates that the key is low grade.  Strange since s_client said 1024
 bit.  Furthermore, IE had no way to override the unknown CA problem so I
 couldn't connect at all.

The "40 bit" display usually means the grade of the connection and not really
the key. The key is 1024, but I guess you're using an export version of IE, so
you get only an EXP-X cipher on SSL handshake. Just look inside the mod_ssl
logfile, there the cipher is displayed.

 What I am wondering is 1) Is that an IE bug or a SSLEAY bug with the
 seemingly different bitrates?

Neither of them. The 40bit quality is caused by the export restrictions built
into your IE, I think. The fact that it doesn't know your CA is another
problem. I've no experience with IE under Win95, so I cannot help you in
getting our CA cert recognized by it.

 2) Can IE load an https site even if it is signed by an unknown (to it)
 CA?  Sorry if the last question is offtopic for this list but I couldn't
 find anything in the manual or FAQ.

I think IE will not accept connections until you've loaded your CA cert into
IE for correct verification of the server cert.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
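
The distinction drawn in the reply above (1024-bit certificate key versus 40-bit connection grade) can be checked against a server's cipher list. The following is an added example, not part of the original posts or of mod_ssl: it parses constructed sample lines in the layout printed by `openssl ciphers -v` on releases that still shipped export suites, and the function names and the 128-bit threshold are assumptions.

```python
import re

# Constructed sample lines (not taken from the thread), in the
# `openssl ciphers -v` layout of releases that still had export suites.
SAMPLE = """\
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
"""

LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)"
    r"\s+Kx=(?P<kx>[^\s(]+)(?:\((?P<kxbits>\d+)\))?"
    r"\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>[^\s(]+)(?:\((?P<encbits>\d+)\))?"
    r"\s+Mac=(?P<mac>\S+)(?P<export>\s+export)?\s*$"
)

def parse_suites(text):
    """Return one dict per cipher line; unparseable lines are skipped."""
    suites = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        suites.append({
            "name": m["name"],
            "protocol": m["proto"],
            # Kx bits, when printed, are the temporary key-exchange key of an
            # export suite. The certificate key size (1024 in the thread)
            # never appears here: it is independent of the cipher chosen.
            "kx_bits": int(m["kxbits"]) if m["kxbits"] else None,
            # Enc bits are the symmetric strength of the connection itself.
            "enc_bits": int(m["encbits"]) if m["encbits"] else 0,
            "export": m["export"] is not None,
        })
    return suites

def below_threshold(text, min_bits=128):
    """Names of suites whose symmetric strength is under min_bits (assumed policy)."""
    return [s["name"] for s in parse_suites(text) if s["enc_bits"] < min_bits]

if __name__ == "__main__":
    for s in parse_suites(SAMPLE):
        print(f'{s["name"]:<18} enc={s["enc_bits"]:>3} bit  export={s["export"]}')
    print("below 128 bit:", below_threshold(SAMPLE))
```
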



Questions about mod_ssl with ie

1999-01-20 Thread Shane Wegner

Hi,

I have set up mod_ssl with Apache 1.3.4 on my web server according to the
instructions in the INSTALL file.  I used a self-signed key with "make
certificate TYPE=custom" and it worked in lynx without a problem.  Tests
in s_client showed a 1024 bit key.  I then fired up the win95 machine and
tried to access the site using IE4 and it said it couldn't access it
because the key was signed by an unknown CA.  This is understandable but
when I went to view certificate, the quality said "40 bit - Low" which
indicates that the key is low grade.  Strange since s_client said 1024
bit.  Furthermore, IE had no way to override the unknown CA problem so I
couldn't connect at all.

What I am wondering is 1) Is that an IE bug or a SSLEAY bug with the
seemingly different bitrates?
2) Can IE load an https site even if it is signed by an unknown (to it)
CA?  Sorry if the last question is offtopic for this list but I couldn't
find anything in the manual or FAQ.

Thanks in advance,
Shane

-- 
Shane Wegner: [EMAIL PROTECTED]
Tel: (604) 930-0530
Sysadmin, Continuum Systems: http://www.cm.nu
Personal website: http://www.cm.nu/~shane
Celine Dion Fan site: http://www.celine.nu/
PGP key: http://www.cm.nu/~shane/pgp.txt
ICQ UIN: 15706546
