Seeking Best Approaches For Guaranteeing 128-bit SSL
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Michael_Strong
Posted On:   Thursday, February 13, 2003 11:38 AM

We've considered several approaches, including low-brow ones, like simply removing all ciphers from the server socket's cipher suite whose minimum key size is smaller than 128. Are there some best-practice, idiomatic ways for efficiently guaranteeing that we consumate an SSL connection using at least an 128-bit key? I think I read that SSL 3.0's minimum is always 128 - that is if the 3.0 system is the instigator, so would forcing an SSL 3.0-only relationship accomplish what we seek? If that is a commendable tact, how can we force our side to not accomodate SSL 2.0 if that is all the client supports? IOW - we would want to error out rather than drop down to 2.0 comaptibility. In this particular   More>>

We've considered several approaches, including low-brow ones, like simply removing all ciphers from the server socket's cipher suite whose minimum key size is smaller than 128.


Are there some best-practice, idiomatic ways for efficiently guaranteeing that we consumate an SSL connection using at least an 128-bit key?


I think I read that SSL 3.0's minimum is always 128 - that is if the 3.0 system is the instigator, so would forcing an SSL 3.0-only relationship accomplish what we seek? If that is a commendable tact, how can we force our side to not accomodate SSL 2.0 if that is all the client supports? IOW - we would want to error out rather than drop down to 2.0 comaptibility.


In this particular project (several going on), we are using BEA WebLogic 6.1, so we would be even more grateful if one of you could even point us to some pre-fab snippets or info in a WLS6.1 context.


Thanks, in advance, comrades.


Mike Strong

Infused Solutions

   <<Less
About | Sitemap | Contact