Re: rc2 encryption with 128 bit key
Check your browser, it might be an older 'international' version and not capable of handling 128 bit encryption. vijay karthik wrote: Hi! I selected the "RC2/RC4 encryption with 128 bit key" cipher for SSL connection from my browser. I tried to connect to the apache listener(with openssl), and it fails to connect. whereas RC2/RC4 with 40bit key succeeds. Does this mean the apache server is a 40 bit server ? Is there anything i should do during the Build, to get a 128 bit apache-openssl server ? Is there a way of finding out if the server i am using is a 40 bit or 128 bit one ? thanks Vijay __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Patrick Dubois ``Windows: 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company, that can't stand 1 bit of competition.'' -- Unknown ~ Got something to say that you don't want said in public? Ask me for my PGP key! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: rc2 encryption with 128 bit key
Hi, Sure the browser exports all export ciphers in the client_hello. But only if they have been enabled in the browser. It would be an empty list if only strong(non-exportable) ciphers were enabled and others (exportable) were disabled in the browser. And I think that is the scenario vijay is having problems with. :) Amit. Pluto wrote: On Thu, 17 Feb 2000, Amit wrote: Hi, I think the problem lies with the browser. The browser seems to be an export version so strong encryption algorithms have been disabled. This means that in the client_hello the browser's list of available ciphers will be null and so the connection fails. What you could do is run openssl tool s_server in the debug mode and actually find out the cipher list that the browser sends to the server. It can't be null. The export versions offer all the algos that are marked EXP. Yours -- Pluto - SysAdmin of Hades Free information! Freedom through knowledge. Wisdom for all!! =:-) PGP 1024/7261AACD 1996/09/10 1F3F EA94 D056 A686 4D19 C456 6CF9 4344 Phone: +49-173-4814739 eCash(DB): 129429938818 Q3T: js-Pluto The reasonable man adapts himself to the world; the unreasonable man persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: rc2 encryption with 128 bit key
Hi, I think the problem lies with the browser. The browser seems to be an export version so strong encryption algorithms have been disabled. This means that in the client_hello the browser's list of available ciphers will be null and so the connection fails. What you could do is run openssl tool s_server in the debug mode and actually find out the cipher list that the browser sends to the server. :) Amit. vijay karthik wrote: Hi! I selected the "RC2/RC4 encryption with 128 bit key" cipher for SSL connection from my browser. I tried to connect to the apache listener(with openssl), and it fails to connect. whereas RC2/RC4 with 40bit key succeeds. Does this mean the apache server is a 40 bit server ? Is there anything i should do during the Build, to get a 128 bit apache-openssl server ? Is there a way of finding out if the server i am using is a 40 bit or 128 bit one ? thanks Vijay __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]