[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: DSA certificate and web browsers
From:       Marc Branchaud <marcnarc () xcert ! com>
Date:       1999-07-29 17:06:17
[Download RAW message or body]


Daniel Reichenbach wrote:
> 
> It could be true. I tried Apache+mod_ssl+OpenSSL with and RSA Cert and with
> an DSA Cert. The result was that Netscape 4.6 connected with both certs and
> IE 4 and IE 5 didn`t accept the DSA Cert. In the SSL logs there was a line
> saying that IE and Apache have no CIPHER they share!?

Netscape will accept DSA certs for SSL, but it's won't do Diffie-Hellman
and so it still uses RSA to establish the SSL symmetric key.  MSIE
chokes on DSA certs altogether.

> 
> Did anyone else test it? If yes, why does IE not accept DSA certs?
> 

Why?  I imagine that M$ paid good money for RSA/BSAFE, and so they
figure why bother implementing DSA/DH support when they've already paid
for something that works just fine with IIS.

		Marc

+------------------------------------------------------------------------+
 Marc Branchaud                                  \/
 Chief PKI Architect                             /\CERT INTERNATIONAL
INC.
 marcnarc@xcert.com        PKI References page:             
www.xcert.com
 604-640-6227          www.xcert.com/~marcnarc/PKI/
+------------------------------------------------------------------------+
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

[prev in list] [next in list] [prev in thread] [next in thread]