[PYTHON-CRYPTO] M2Cypto SSL and IE5's 56bit bug
Richard Jones
richard at BIZARSOFTWARE.COM.AU
Wed Jul 4 09:08:54 CEST 2001
Here's a workaround for ZServerSSL for the 56bit SSL cipher bug in IE 5. The
bug is described in the following pages:
http://www.geocrawler.com/archives/3/191/2000/6/0/3962617/
http://support.microsoft.com/support/kb/articles/Q249/8/63.asp
I've managed to work around it in much the same way as the Apache mod-ssl fix
- by disabling the 56bit ciphers. In ZServerSSL, this is achieved using the
following context call:
ssl_ctx.set_cipher_list('ALL:!EXPORT56:!ADH:RC4+RSA:+SSLv2:@STRENGTH')
... except this doesn't work. A dump of ssl_conn.get_ciphers() definitely
doesn't list any 56-bit ciphers, but IE still refuses to work. A test with
s_server in both -www and -WWW mode works OK though (with -cipher being the
above cipher list)...
Anyone got any ideas?
Richard
--
Richard Jones
richard at bizarsoftware.com.au
Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)
More information about the python-crypto
mailing list