httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)
Date Sun, 08 Nov 2009 12:47:06 GMT
Dirk-Willem van Gulik wrote:
> Dirk-Willem van Gulik wrote:
>> Actually Steve - you may know - what besides the obvious
>> extendedKeyUsage=nsSGC,msSGC
>> in the extension file needs to go into a sub-ca below a
>> self-signed-root-chain to make the browsers dance ? Or have they
>> hardcoded in some specific CA or similar ? Or is there a test case in
>> opnessl which is useful here ? As that would let us do decent tests
>> script.
> Hmm - just found
> which seems to be one of the few places on the web; which suggest that
> sepcial tagging in the browser is happening on a per-CA level.
> Is that indeed the case. That would suggest that we do need the help of
> a CA to do proper testing.

Actually now I think of this there is another issue. In SGC/Step Up an export
grade browser would first connect using weak crypto (because that was the
strongest algorithm it would support generally) and (if the certificate was
authorised) step up to strong crypto.

Now that browsers can connect with strong crypto from the start there isn't a
great deal of point doing that any more. In fact there's a good reason not to:
the double handshake with Step Up ends up perfomring two expensive server
private key operations compared to one in a normal handshake.

Do any countries still have browsers restricted to weak crypto and that might
use Step Up or SGC?

If so you also need an appropriate browser to test it...

Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute:
OpenSSL Core team:

View raw message