04-26-2006 07:39 AM
Dear Support,
Just received the official SSL cert from thawte, but it is only showing as 40 bit encryption not 128.
Can you help?
Thanks,
Adrian.
04-28-2006 12:28 AM
fixed this myself, didn't have the matching cipher;
was;
ssl-server 20 cipher rsa-export-with-rc4-40-md5 192.168.68.174 8080 weight 5
now;
ssl-server 20 cipher rsa-with-rc4-128-md5 192.168.68.174 8080 weight 5
Should i be using the all-ciphers rather than restricting it just to 128bit?
thanks,
adrian
04-29-2006 04:41 PM
'all-ciphers' will allow all encryption mechanisms including ones that essentially allow anonymous access. If the application transmits personal or sensitive information you probably don't want that.
If the web site has "international" customers then you need to specify at least some ciphers that have the word "export" in them. If the customer base you serve is US only, the one you are using is probably OK.
PS - you don't really need a weight unless you are specifying more than one cipher and want to have one preferred over the others. For example, you might prefer a 128 bit cipher but if the client is coming from a foreign country where the 128 is not available then allow an exportable cipher - which is not as strong.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide