mailing list archives
RE: SSL and negotiated key strength
From: Graeme Rider <Graeme.Rider () colesmyer com au>
Date: Tue, 22 May 2001 07:52:40 +1000
are you using the intermediate certificate as well as the CA's cert. This
int.cert is required for the SGC to work....
by the way, if you find what is preventing the global cert from working on
apache can you please tell me so l can get ours to work...
technical security analyst
From: Scott, Richard [mailto:Richard.Scott () BestBuy com]
Sent: Tuesday, 22 May 2001 0:12
To: 'Graeme Rider'; firewall-wizards () nfr com
Subject: RE: [fw-wiz] SSL and negotiated key strength
the global certificates use Server Gated Cryptrography (which l think was
developed by Microsoft - so there is part of the problem)...this allows the
customers browser to be upgraded to 128bit..
the problem with your configuration is, as is with mine, you use Apache.
Apparently because it is open source, there are many versions of it and
Verisign (l use Esign certs which is the Aust. subsidiary of Verisign)do not
gaurantee that these certs will work.
You can get them to work but this requires determining which part of the
Apache configuration is not understanding SGC.
l have an added problem as we use Stronghold as well...l had to drop down to
standard certs to get it to work as it wouldn't work at all with 56 bit...
The Problem that I am seeing is two fold, I'm playing around with apache to
get that sorted, and I have read the numerous issues that comes with Global
Certs and non MS products. But the other issue is that MS IIS server isn't
stepping up (using IE5) either. I know in IIS that you can enforce 128bit
encryption, but I don't want to do that on the client side. Does anyone
have ay suggestions on how to ensure SGC on IIS to make clients step up to
? Best Buy World Headquarters
7075 Flying Cloud Drive
Eden Prairie, MN 55344 USA
The views expressed in this email do not represent Best Buy
or any of its subsidiaries.
firewall-wizards mailing list
firewall-wizards () nfr com