
LYNX-DEV More on SSL with Lynx 2.8


From: Mark Mentovai
Subject: LYNX-DEV More on SSL with Lynx 2.8
Date: Wed, 11 Mar 1998 17:20:51 -0500 (EST)

This was a concern raised a few days ago when this whole discussion on SSL
was kicked off (again).  It was unclear as to how strong the security
offered by Lynx 2.8 with the SSL hooks available from
http://www.moxienet.com/lynx/ was.  I stated that I was pretty sure that
this was left up to SSLeay, which made provisions for at least 128-bit
security.

Over the past couple of days, I was able to confirm this.  Lynx will
communicate using whatever cipher SSLeay and the remote host agree on.  If
your SSLeay and the remote server support 168-bit security, then Lynx will
be capable of doing this; if your SSLeay only has 40-bit security, then
that's all you'll get.

To see what ciphers your installed version of SSLeay has, use its ciphers
program.  The -v switch enables a verbose listing; use -ssl3 to show
ciphers used with SSL3, and -ssl2 to show ciphers used with SSL2.  Its
output is, for the most part, self-explanatory.

So, in effect, if a site tells you that it is unable to communicate with
your SSL-enhanced version of Lynx because it doesn't have a high enough
level of security, it's time to send a letter to a webmaster, because Lynx
should have no trouble communicating with these sites.

(Maybe sometime - hopefully soon - I'll be able to add features to the SSL
patch that allow the user to configure which ciphers are to be used.  I'd also
like to work in certificate support and maybe some other niceties.)

-Mox

--
Mark Mentovai
address@hidden
http://www.moxienet.com/
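
The check described in the message above (list the installed ciphers, then read off the key sizes) can be scripted. This is an added example, not part of the original post or of the Lynx SSL patch. It assumes the listing has the column layout that OpenSSL's `ciphers -v` prints, with an Enc=NAME(bits) field; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise symmetric key sizes from `ciphers -v` style output.
# Assumption: each line carries an Enc=NAME(bits) field, as OpenSSL's
# `ciphers -v` prints; an SSLeay build may lay its columns out differently.

# Constructed sample listing (not captured from a real installation).
sample_ciphers() {
cat <<'EOF'
DES-CBC3-SHA   SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-MD5        SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC-SHA    SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5    SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-MD5       SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
EOF
}

# Read a listing on stdin; print "bits cipher-name" per line, strongest first.
# Ciphers with no bit count (Enc=None, i.e. no encryption) are reported as 0.
cipher_bits() {
    awk 'NF == 0 { next }
    {
        bits = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Enc=/ && match($i, /\([0-9]+\)/))
                bits = substr($i, RSTART + 1, RLENGTH - 2) + 0
        }
        print bits, $1
    }' | sort -k1,1nr -k2,2
}

# Largest key size on offer: the ceiling on what this client can negotiate.
max_bits() { cipher_bits | head -n 1 | cut -d' ' -f1; }

# Names of ciphers below a threshold in bits (default 128), one per line.
weak_ciphers() {
    cipher_bits | awk -v min="${1:-128}" '$1 < min { print $2 }'
}

# Against a real installation (OpenSSL command shown; adjust for SSLeay):
#   openssl ciphers -v | max_bits
#   openssl ciphers -v | weak_ciphers 128
```

The strength actually used on a connection also depends on what the remote server accepts, so `max_bits` is an upper bound for the client, not a guarantee.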

