Re: Use of SSL as a VPN

From: Nelson B (NOnelsonSPAM@NObolyard.comSPAM)
Date: 02/24/03


From: Nelson B <NOnelsonSPAM@NObolyard.comSPAM>
Date: Mon, 24 Feb 2003 02:44:08 GMT

dave anonymous wrote:
> "David Wagner" <daw@mozart.cs.berkeley.edu> wrote in message
> news:b2rh2d$cr6$1@agate.berkeley.edu...

>>Unfortunately, I'm not sure that the DHE ciphersuites are as widely
>>supported in clients and servers as RSA.
>
> I wondered about that and tried to find which servers/browsers support
> DHE. Apache does. The documentation on MS's web site is so poor
> I can't tell. The online docs for the browsers were hopeless too, so who
> knows.

I'm using a pre-release nightly build of Mozilla 1.3. It supports 8
different DHE ciphersuites, including:

      _DHE_RSA_WITH_AES_256_CBC_SHA,
      _DHE_DSS_WITH_AES_256_CBC_SHA,
      _DHE_RSA_WITH_AES_128_CBC_SHA,
      _DHE_DSS_WITH_AES_128_CBC_SHA,
      _DHE_DSS_WITH_RC4_128_SHA,
      _DHE_RSA_WITH_3DES_EDE_CBC_SHA,
      _DHE_DSS_WITH_3DES_EDE_CBC_SHA,
      _DHE_RSA_WITH_DES_CBC_SHA,
      _DHE_DSS_WITH_DES_CBC_SHA,

It interoperates with numerous OpenSSL servers that support those
ciphersuites.

> Interestingly
> Amazon.com supports a DHE mode, so somebody out there must use it.

Yes, Amazon's mail login server supports the DHE_RSA_with_3DES_EDE_CBC_SHA
ciphersuite (among others), but their image servers don't (or didn't
when I tried), so if you set your browser to support only DHE ciphersuites,
you don't see any images. I guess forward secrecy might be less important
for images.

--
Nelson B
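
The experiment described in the post (offer only DHE ciphersuites and see what each server answers) comes down to reading the first record the server sends back. The following is an added example, not part of the original post: it classifies that record as a ServerHello selecting one of the DHE suites listed above, a ServerHello selecting something else, or a refusal alert. The code points are the values NSS and OpenSSL use for those suite names, and the sample records are constructed.

```python
import struct

# Code points for the DHE suites named in the post (TLS_ prefix omitted).
# 0x0066 comes from an expired draft and is not an IANA-assigned value.
DHE_SUITES = {
    0x0039: "DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0038: "DHE_DSS_WITH_AES_256_CBC_SHA",
    0x0033: "DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0066: "DHE_DSS_WITH_RC4_128_SHA",
    0x0016: "DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0015: "DHE_RSA_WITH_DES_CBC_SHA",
    0x0012: "DHE_DSS_WITH_DES_CBC_SHA",
}

def classify_reply(record: bytes) -> str:
    """Classify the first SSL/TLS record a server sent after a ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    if ctype == 21:  # alert record: level(1) + description(1)
        if length != 2:
            raise ValueError("malformed alert")
        desc = body[1]
        return "refused: handshake_failure" if desc == 40 else f"refused: alert {desc}"
    if ctype != 22 or length < 4 or body[0] != 2:  # handshake / ServerHello
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:  # version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session id
    if len(hello) < off + 3:  # cipher_suite(2) + compression(1)
        raise ValueError("truncated ServerHello")
    (suite,) = struct.unpack("!H", hello[off:off + 2])
    name = DHE_SUITES.get(suite)
    return f"DHE: {name}" if name else f"not DHE: 0x{suite:04x}"

def sample_server_hello(suite: int) -> bytes:
    """Constructed TLS 1.0 ServerHello with an empty session id (sample input)."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

A server with no DHE suite in common answers a DHE-only offer with the fatal handshake_failure alert, which matches the behaviour the post describes for the image servers.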

