[LINK] RFI: The Key-Length Currently Needed for SSL Security

rene rene.ln at libertus.net
Fri Dec 10 10:10:48 AEDT 2010


On Thu, 9 Dec 2010 14:43:20 -0800, Scott Howard wrote:

> On Thu, Dec 9, 2010 at 1:58 PM, Roger Clarke
> <Roger.Clarke at xamax.com.au> wrote:
>
>> [The article below suggests that the Chrome browser refuses to
>> permit interactions with web-sites that use [presumably, symmetric]
>> keys [presumably, for data encryption] shorter than 1024 bits.
>>
>>
> The obvious thing they would be referring to here is the length of
> the server's private key.  The standard minimum for these for years
> has been 1024 bits, although it's recently been bumped to 2048 bits.
>
> However, the Citilink site - presuming the one they are referring to is
> www.citylink.com.au - is using a 1024 bit private key, and given that
> the key isn't a new one (dated 2008) it's unlikely that they changed
> it recently...
>
> TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit

This morning a blogger has posted a copy of the actual error message shown 
by Chrome on accessing the citilink site:

http://www.geekrant.org/2010/12/10/citylink-poor-security/

Perhaps the "technical details" section of the error message may enable 
persons who know quite a bit about SSL to determine what the problem 
actually is.

Irene



