From: Eric Murray <ericm@lne.com>
Date: Fri, 30 Aug 1996 02:54:34 +0800
To: trei@process.com
Subject: Re: MSIE cryptography
In-Reply-To: <199608291427.HAA18951@toad.com>
Message-ID: <199608291536.IAA31494@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei writes:
> 
> John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk> writes:
> 
> > Just downloaded the most recent English Version 2.1 for Windows 3.1.
> > This does appear to do the same in terms of no encryption at all after
> > the server hello.
[..]

 
> I understand that some versions of MSIE support SSL level 3. SSL3 includes a
> capability to switch 'cipher suites' in mid-session, or pick one at the start of the
> session. One of the standard cipher suites performs authentication, but not 
> encryption. This is consistant with your description.
> 
> Please ensure that the server you are connecting to is not configured for
> authenticate-only. It would be a pity to raise a big ruckus over what may be
> just a mis-configured server.

In addition, encryption isn't performed until after the ClientFinished
and ServerFinished messages, no matter which CipherSuites are negotiated.


I don't know what MSIE looks like, but I'd guess that somewhere in
it there is a screen similar to Netscape's for configuring SSL.
In Netscape you can select which CipherSuites to use, including
"No encryption with an MD5 MAC".  If you turn off the "No encryption.."
CipherSuites in MSIE, you should get an encrypted connection.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF