[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Non-US SSL128 site

> a) Use 128 bit SSL if the client allows it.
> b) Tell users which cipher is being used on a secure session.

Interesting. When I connect, both from my Unix box at work and my Mac at
home, I'm told the connection is "40 bits RC4". I'm running Netscape 1.1.
I guess this makes sense, since if freely distributed clients were 128-bit
capable, then foreign users would still get 128-bit security when connecting
to U.S. servers.

Netscape's press release on the RC4-40 crack seems to have disappeared from
their home page, but I don't remember any specific mention of 128-bit
U.S.-only clients, just servers.

So what's up?

                                -- Will