[LINK] RFI: The Key-Length Currently Needed for SSL Security

rene rene.ln at libertus.net
Fri Dec 10 10:45:25 AEDT 2010


On Fri, 10 Dec 2010 10:26:21 +1100, Kim Holburn wrote:

> Looks to me like the server has been configured badly.  A thing that
> is terribly easy to do where encryption is concerned.  In this case
> the server is creating a temporary random number for the purposes of
> diffie hellman key exchange which is too small
> and thus insecure.  This is nothing to do with the server
> certificates, it is to do with the initial handshaking at the start
> of the encrypted session.

Re handshake, fwiw, in Opera 10.63 on viewing the SSL security details 
(i.e. clicking the equiv of browser padlock icon) when visiting a citylink 
https page, Opera says: "The server does not support secure TLS 
renegotiation. The site owner should upgrade the server".

Irene




More information about the Link mailing list