are export 1024 ciphers no good?
From: Larg (nick.hardiman_at_bt.com)
Date: 05/23/03
Date: 23 May 2003 07:34:04 -0700
I got this complaint about one of our websites. It lists the
ciphersuites that the webserver accepted.
> -------- Original Message --------
> Subject: secure site
>
> Secure Site ciphers:
> RC4-MD5
> RC4-MD5
> RC4-SHA
> EXP-RC4-MD5
> EXP-RC4-MD5
> EXP1024-RC4-MD5
> EXP1024-RC2-CBC-MD5
> EXP1024-RC4-SHA
> NULL-MD5 <----
> NULL-SHA <----
>
> I draw your attention to the last two lines, you are willing to
> negotiate a secure connection using no encryption, ie plain text
> visible to all, oh and the EXP ciphers have been defeated years
> ago and are not suitable for e-commerce.
>
> Lee
The webserver was incorrectly set up. It accepted 40-bit ciphers,
which was a bit silly, and null ciphers, which was stupid.
First question:
I don't know what is wrong with the EXP1024 ciphers. I can't find any
references to their performance. Do you know?
Second question:
I want to do some testing. Is there a client available which I can use
to send, receive and list ciphersuites?
Many thanks,
Larg
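
Added example, not part of the original post: a small audit of the suite names reported in the complaint, reading them by the OpenSSL naming convention in which an `EXP` prefix marks a 40-bit export suite, `EXP1024` a 56-bit export suite, and `NULL` no encryption at all. The function names and the 128-bit `min_bits` policy threshold are assumptions made for the illustration.

```python
import re

# Suite names from the complaint quoted above (repeated entries listed once).
REPORTED = ["RC4-MD5", "RC4-SHA", "EXP-RC4-MD5", "EXP1024-RC4-MD5",
            "EXP1024-RC2-CBC-MD5", "EXP1024-RC4-SHA", "NULL-MD5", "NULL-SHA"]

# Nominal key length in bits of each bulk cipher that can appear in a name.
NOMINAL_BITS = {"NULL": 0, "RC4": 128, "RC2": 128, "DES": 56, "3DES": 168}
# Export prefixes cap the effective symmetric key length.
EXPORT_BITS = {"EXP": 40, "EXP1024": 56}

SUITE = re.compile(r"^(?:(EXP1024|EXP)-)?(.+)-(MD5|SHA)$")


def classify(name):
    """Return (cipher, effective_key_bits, mac, grade) for one suite name."""
    m = SUITE.match(name)
    if not m:
        raise ValueError(f"unrecognised suite name: {name}")
    export, body, mac = m.groups()
    tokens = body.split("-")
    # DES-CBC3 is triple DES; otherwise take the first known cipher token.
    cipher = "3DES" if "CBC3" in tokens else next(
        (t for t in tokens if t in NOMINAL_BITS), None)
    if cipher is None:
        raise ValueError(f"unknown bulk cipher in: {name}")
    if cipher == "NULL":
        return cipher, 0, mac, "no-encryption"
    if export:
        return cipher, EXPORT_BITS[export], mac, "export-grade"
    # "full-length-key" describes key size only, not the cipher's quality.
    return cipher, NOMINAL_BITS[cipher], mac, "full-length-key"


def audit(names, min_bits=128):
    """List (name, bits, grade) for suites below min_bits (assumed policy)."""
    findings = []
    for name in names:
        _, bits, _, grade = classify(name)
        if bits < min_bits:
            findings.append((name, bits, grade))
    return findings


if __name__ == "__main__":
    for name, bits, grade in audit(REPORTED):
        print(f"{name:22} {bits:3d} bits  {grade}")
```
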