[LINK] RFI: The Key-Length Currently Needed for SSL Security
rene
rene.ln at libertus.net
Fri Dec 10 10:45:25 AEDT 2010
On Fri, 10 Dec 2010 10:26:21 +1100, Kim Holburn wrote:
> Looks to me like the server has been configured badly. A thing that
> is terribly easy to do where encryption is concerned. In this case
> the server is creating a temporary random number for the purposes of
> diffie hellman key exchange which is too small
> and thus insecure. This is nothing to do with the server
> certificates, it is to do with the initial handshaking at the start
> of the encrypted session.
Re handshake, fwiw, in Opera 10.63 on viewing the SSL security details
(i.e. clicking the equiv of browser padlock icon) when visiting a citylink
https page, Opera says: "The server does not support secure TLS
renegotiation. The site owner should upgrade the server".
Irene
More information about the Link
mailing list