[PYTHON-CRYPTO] M2Cypto SSL and IE5's 56bit bug

Richard Jones richard at bizarsoftware.com.au
Wed Jul 4 12:29:22 CEST 2001

On Wed,  4 Jul 2001 20:15, Michael Ströder wrote:
> Richard Jones wrote:
> > I've talked to Thawte about it, and am going with the $50 re-issue of the
> > cert. No SGC extension. Guaranteed to work - just like the test cert that
> > comes with m2crypto.
> No SGC in extendedKeyUsage extension means that weak ciphers will be
> used. You have to clarify if your local security policy allows that.
> E.g. SSL-capable banking applications in Germany are not allowed to
> run with weak ciphers.

But the workarounds for apache/ssl pretty much force the weaker ciphers by 
removing the 40-bit ones. At least with this the 56-bit browsers will use 
56-bit ciphers. And hoperfully, with the @STRONGEST on the end of our cipher 
list, 128-bit browsers will use 128-bit ciphers. I have to admit a very 
slight knowledge of SSL though, and no knowledge of the inner workings of 
SGC, so what I've just said is probably complete garbage :(

    Richard (who just wants the damn thing to work!)

Richard Jones
richard at bizarsoftware.com.au
Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)

More information about the python-crypto mailing list