kbg wrote:
>
> Hy,
>
> I'm trying to generate a 40 key to be used with an ssl-apache server
> (due to country limitations).
>
> I've tried many things to generate it...
> ssleay genrsa -rand rand.dat -des 40 > server.key
> gives me a server.key file that looks nice, but doing
> ssleay req -new
Rodney Thayer wrote:
> meta question... is there/should there be an openssl faq?
Dunno if there is, but there certainly should be!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit.
you need to make your cert key 512 bits and make sure the cipher set is
set up to use 40 bit rc4 for symmetric keys. that's in the cipher selection
stuff, you don't do it with genrsa.
someone who's a current apache user should explain this...
meta question... is there/should there be an openssl
> What country limitations?
He is in France.
> Yeah - don't try to use a 40 bit RSA key. That's far too small. If you
> want to use 40-bit session keys, then restrict the ciphersuites you use.
He has to limit his ciphersuite to only include things like EXP-RC4 and
EXP-RC2 and use 512 bit RSA ke
kbg wrote:
>
> Hy,
>
> I'm trying to generate a 40 key to be used with an ssl-apache server
> (due to country limitations).
What country limitations?
>
> I've tried many things to generate it...
> ssleay genrsa -rand rand.dat -des 40 > server.key
> gives me a server.key file that looks nice,
Hy,
I'm trying to generate a 40 key to be used with an ssl-apache server
(due to country limitations).
I've tried many things to generate it...
ssleay genrsa -rand rand.dat -des 40 > server.key
gives me a server.key file that looks nice, but doing
ssleay req -new -key server.key -out server.csr