17 Dec
2003
17 Dec
'03
5:17 p.m.
a) Use 128 bit SSL if the client allows it. b) Tell users which cipher is being used on a secure session.
Interesting. When I connect, both from my Unix box at work and my Mac at home, I'm told the connection is "40 bits RC4". I'm running Netscape 1.1. I guess this makes sense, since if freely distributed clients were 128-bit capable, then foreign users would still get 128-bit security when connecting to U.S. servers. Netscape's press release on the RC4-40 crack seems to have disappeared from their home page, but I don't remember any specific mention of 128-bit U.S.-only clients, just servers. So what's up? -- Will