[PYTHON-CRYPTO] M2Cypto SSL and IE5's 56bit bug
Richard Jones
richard at bizarsoftware.com.au
Wed Jul 4 12:29:22 CEST 2001
On Wed, 4 Jul 2001 20:15, Michael Ströder wrote:
> Richard Jones wrote:
> > I've talked to Thawte about it, and am going with the $50 re-issue of the
> > cert. No SGC extension. Guaranteed to work - just like the test cert that
> > comes with m2crypto.
>
> No SGC in extendedKeyUsage extension means that weak ciphers will be
> used. You have to clarify if your local security policy allows that.
> E.g. SSL-capable banking applications in Germany are not allowed to
> run with weak ciphers.
But the workarounds for apache/ssl pretty much force the weaker ciphers by
removing the 40-bit ones. At least with this the 56-bit browsers will use
56-bit ciphers. And hoperfully, with the @STRONGEST on the end of our cipher
list, 128-bit browsers will use 128-bit ciphers. I have to admit a very
slight knowledge of SSL though, and no knowledge of the inner workings of
SGC, so what I've just said is probably complete garbage :(
Richard (who just wants the damn thing to work!)
--
Richard Jones
richard at bizarsoftware.com.au
Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)
More information about the python-crypto
mailing list