[LINK] RFI: The Key-Length Currently Needed for SSL Security
rene
rene.ln at libertus.net
Fri Dec 10 10:10:48 AEDT 2010
On Thu, 9 Dec 2010 14:43:20 -0800, Scott Howard wrote:
> On Thu, Dec 9, 2010 at 1:58 PM, Roger Clarke
> <Roger.Clarke at xamax.com.au> wrote:
>
>> [The article below suggests that the Chrome browser refuses to
>> permit interactions with web-sites that use [presumably, symmetric]
>> keys [presumably, for data encryption] shorter than 1024 bits.
>>
>>
> The obvious thing they would be referring to here is the length of
> the server's private key. The standard minimum for these for years
> has been 1024 bits, although it's recently been bumped to 2048 bits.
>
> However, the Citilink site - presuming they are referring to
> www.citylink.com.au - is using a 1024 bit private key, and given that
> the key isn't a new one (dated 2008) it's unlikely that they changed
> it recently...
>
> TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit

This morning a blogger has posted a copy of the actual error message shown
by Chrome on accessing the citilink site:

http://www.geekrant.org/2010/12/10/citylink-poor-security/

Perhaps the "technical details" section of the error message may enable
persons who know quite a bit about SSL to determine what the problem
actually is.

Irene