httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Strader, William Alexander (WAX)" <strad...@y12.doe.gov>
Subject RE: [users@httpd] RE : [users@httpd] SSL Question
Date Fri, 13 Feb 2004 17:32:25 GMT
So how do you get a browser to use the 3DES??
 

Thanks, 

Billy S. 
WebPool 
Office: (865) 425-5178 
Pager: (865) 417-5012 

-----Original Message-----
From: ARSLAN Ozgur [mailto:oarslan@team-partners.com]
Sent: Friday, February 13, 2004 12:25 PM
To: users@httpd.apache.org
Subject: [users@httpd] RE : [users@httpd] SSL Question



Hi, 

RSA is used for the Key Exchange. 3Des is a cipher that can be used to
encrypt the private key. 3DES is the strongest cipher that you can use but
its use could be submitted to special permissions in some cases (US gov,
Banks, ...).

You can also use other ciphers with RSA Key Exchange : RC4, RC2, DES, MD5. 
MD5 is the weakest cipher. It does not ensure encryption. 

Openssl's "genrsa" command default key generation use md5, but you can
provide arguments to use others (see openssl genrsa -h).

You can use 3DES for SSL Keys as your user asks but be careful with US or
local laws. (with -des3 option). 

For more information, have a look at : 
http://docs.sun.com/source/816-6156-10/contents.htm
<http://docs.sun.com/source/816-6156-10/contents.htm>  


Cheers, 
Ozgur. 

-----Message d'origine----- 
De : Strader, William Alexander (WAX) [ mailto:straderw@y12.doe.gov
<mailto:straderw@y12.doe.gov> ] 
Envoyé : vendredi 13 février 2004 16:20 
À : 'users@httpd.apache.org' 
Objet : [users@httpd] SSL Question 


OK a user is asking some pretty weird questions and I believe I have the
correct answer however if someone wouldn't mind verifing my answers so I
know I am correct in my responce:

Why are we not using 3DES for SSL Keys? 

3DES is only used to Network Encryption not Web Encryption.  The max a Web
Application can use for encryption is RC4 128bit. 

Is this correct??? 

Thanks, 

Billy S. 
WebPool 
Office: (865) 425-5178 
Pager: (865) 417-5012 

--------------------------------------------------------------------- 
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL: http://httpd.apache.org/userslist.html
<http://httpd.apache.org/userslist.html> > for more info. To unsubscribe,
e-mail: users-unsubscribe@httpd.apache.org

   "   from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 


Mime
View raw message