[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: DSA certificate and web browsers
From: Marc Branchaud <marcnarc () xcert ! com>
Date: 1999-07-29 17:06:17
[Download RAW message or body]
Daniel Reichenbach wrote:
>
> It could be true. I tried Apache+mod_ssl+OpenSSL with and RSA Cert and with
> an DSA Cert. The result was that Netscape 4.6 connected with both certs and
> IE 4 and IE 5 didn`t accept the DSA Cert. In the SSL logs there was a line
> saying that IE and Apache have no CIPHER they share!?
Netscape will accept DSA certs for SSL, but it's won't do Diffie-Hellman
and so it still uses RSA to establish the SSL symmetric key. MSIE
chokes on DSA certs altogether.
>
> Did anyone else test it? If yes, why does IE not accept DSA certs?
>
Why? I imagine that M$ paid good money for RSA/BSAFE, and so they
figure why bother implementing DSA/DH support when they've already paid
for something that works just fine with IIS.
Marc
+------------------------------------------------------------------------+
Marc Branchaud \/
Chief PKI Architect /\CERT INTERNATIONAL
INC.
marcnarc@xcert.com PKI References page:
www.xcert.com
604-640-6227 www.xcert.com/~marcnarc/PKI/
+------------------------------------------------------------------------+
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic